Auditing with Microsoft Assessment and Planning (MAP) Toolkit 5.0 – Part 3
Software Usage Tracker
New to MAP 5.0 is another feature called the Software Usage Tracker. This is an audit mechanism that allows you to track the number of users or devices accessing your servers. The information from these audits can help people responsible for managing software licensing to get a better picture of Microsoft server software usage and to create a baseline for CAL reporting.
However, Microsoft also says that this method is not meant to replace whatever mechanism your organisation has in place for measuring license usage. This is because companies will generally use dedicated third party tools and processes for such audits. The function of MAP is to create a baseline, something like a starting point. For example, departmental managers can have a count of the number of users accessing their servers and send that report up to the IT management team.
At the time of this writing, Software Usage Tracker can audit the usage information for the following server products:
- Windows Server 2000, 2003 and 2003 R2, 2008 and 2008 R2
- SQL Server 2008 and 2008 R2 (Enterprise and Datacenter Editions)
- Exchange Server 2003, 2007 and 2010
- Office SharePoint Portal Server 2003, SharePoint Server 2007 and 2010
- System Centre Configuration Manager 2007 and 2007 R2
- Systems Management Server 2003 and 2003 R2
Personally, I was a bit disappointed to see only the Enterprise and Datacenter editions of SQL 2008 being compatible with the Usage Tracker.
The way Usage Tracker works is that it first analyses the log files generated from the server software running in the machines MAP has inventoried before. It then marries the log data with the server’s inventory data and generates the reports.
For Usage Tracker to analyse the relevant log files, the server software itself (whether Windows, SQL or SharePoint) first needs to be configured so that user or device logon events are actually captured. Also, logs only need to be configured when you are tracking the usage information for Windows Servers, SQL Server or SharePoint Server. No such restrictions apply for Exchange, SMS or SCMC servers.
The other requirement for Usage Tracker is what we had seen before: WMI and Remote Registry services need to be up and running in the target servers and MAP needs to be able to connect to WMI as an administrator.
Configuring logs for Windows is simple. By default, it is turned on. You can check this by following these steps:
- In the Windows machine, go to Start > All programs > Administrative Tools and the start the Local Security Policy application
- Expand, Local Policy > Audit Policy
- In the detail pane, double click on Audit logon events.
- In the dialogue box, ensure “Success” is checked. By default it should be selected. If not, you will need to refresh the policy in that server after you have set the property.
The screenshots below show how you can check this configuration setting:
For SharePoint, MAP Software Usage Tracker will need IIS logs from the machines. The IIS logs will need to be in W3C log file format (see below) and there are a definite number of fields that need to be included in the log. MAP documentation on Usage Tracker specifies these fields.