
User Access Logging Overview

Published: February 29, 2012

Updated: May 5, 2012

Applies To: Windows Server 2012, Windows Server 2012 R2



This technical overview describes User Access Logging (UAL), a feature in Windows Server 2012 that aggregates client usage data by role and products on a local server.


User Access Logging (UAL) in Windows Server 2012 is a feature to help server administrators quantify requests from client computers for roles and services on a local server.

UAL is installed and enabled by default in Windows Server 2012, and collects data in nearly real-time. No administrator configuration is required, although UAL can be disabled or enabled. For more information, see Manage User Access Logging. The User Access Logging service aggregates client usage data by roles and products into local database files. IT administrators can later use Windows Management Instrumentation (WMI) or Windows PowerShell cmdlets to retrieve quantities and instances by server role (or software product), by user, by device, by the local server, and by date.

UAL aggregates unique client device and user request events that are logged on a computer running Windows Server 2012 into a local database. These records are then made available (through a query by a server administrator) to retrieve quantities and instances by server role, by user, by device, by the local server, and by date. In addition, UAL has been extended to enable non-Microsoft software developers to instrument their UAL events to be aggregated by Windows Server 2012.

This information can be useful to server administrators at all levels. UAL can assist server administrators in performing the following tasks:

  • Quantify client user requests for local physical or virtual servers.

  • Quantify client user requests for installed software products on a local physical or virtual server.

  • Retrieve data on a local server running Hyper-V to identify periods of high and low demand on a Hyper-V virtual computer.

  • Retrieve UAL data from multiple remote servers.

In addition, software developers can instrument UAL events that can then be aggregated by Windows Server 2012 and retrieved by using WMI and Windows PowerShell interfaces.

The following server roles and services can be supported by UAL:

  • Active Directory Certificate Services (AD CS)

  • Active Directory Rights Management Services (AD RMS)

  • BranchCache

  • Domain Name System (DNS)

    Note
    UAL collects DNS data every 24 hours, and there is a separate UAL cmdlet for this scenario.

  • Dynamic Host Configuration Protocol (DHCP)

  • Fax Server

  • File Services

  • File Transfer Protocol (FTP) Server

  • Hyper-V

    Note
    UAL collects Hyper-V data every 24 hours, and there is a separate UAL cmdlet for this scenario.

  • Web Server (IIS)

    Warning
    To use UAL with IIS, you must use iisual.exe. For more information, see Analyzing Client Usage Data with IIS User Access Logging.

  • Microsoft Message Queue (MSMQ) Services

  • Network Policy and Access Services

  • Print and Document Services

  • Routing and Remote Access Service (RRAS)

  • Windows Deployment Services (WDS)

  • Windows Server Update Services (WSUS)

Important
UAL is not recommended for use on servers that are connected directly to the Internet, such as web servers on an Internet-accessible address space, or in scenarios where extremely high performance is the primary function of the server (such as in HPC workload environments). UAL is primarily intended for small, medium, and enterprise intranet scenarios where high volume is expected, but not as high as many deployments of Windows Server 2012 that serve Internet-facing traffic volume on a regular basis.

The following table describes key functions of UAL and their potential value.

  • Functionality: Collect and aggregate client request event data in near real-time.
    Value: Up to three years of data can be saved.

    Important
    Administrators need to enforce compliance of the data collected and data retention periods with the organization’s privacy policy and local regulations.

  • Functionality: Query UAL by using WMI or Windows PowerShell interfaces to retrieve client request data on a local or remote server.
    Value: UAL enables a single view of ongoing usage data. Server and enterprise administrators can retrieve this data and coordinate with business administrators to optimize use of their volume software licenses.

  • Functionality: Enabled by default.
    Value: Server administrators do not need to configure or otherwise set up this feature for all core functionality to be available and working.

The following user-related data is logged with UAL.

  • UserName: The user name on the client that accompanies the UAL entries from installed roles and products, if applicable.

  • ActivityCount: The number of times a particular user accessed a role or service.

  • FirstSeen: The date and time when a user first accesses a role or service.

  • LastSeen: The date and time when a user last accessed a role or service.

  • ProductName: The name of the software parent product, such as Windows, that is providing UAL data.

  • RoleGUID: The UAL-assigned or registered GUID that represents the server role or installed product.

  • RoleName: The name of the role, component, or subproduct that is providing UAL data. This is also associated with a ProductName and a RoleGUID.

  • TenantIdentifier: A unique GUID for a tenant client of an installed role or product that accompanies the UAL data, if applicable.

The following device-related data is logged with UAL.

  • IPAddress: The IP address of a client device that is used to access a role or service.

  • ActivityCount: The number of times a particular device accessed the role or service.

  • FirstSeen: The date and time when an IP address was first used to access a role or service.

  • LastSeen: The date and time when an IP address was last used to access a role or service.

  • ProductName: The name of the software parent product, such as Windows, that is providing UAL data.

  • RoleGUID: The UAL-assigned or registered GUID that represents the server role or installed product.

  • RoleName: The name of the role, component, or subproduct that is providing UAL data. This is also associated with a ProductName and a RoleGUID.

  • TenantIdentifier: A unique GUID for a tenant client of an installed role or product that accompanies the UAL data, if applicable.
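
The user and device fields listed above are enough to answer "which users or devices first touched a role after a given date", a common review question for server access. The following is an added example, not part of the original topic: the helper name Find-UalNewAccess and the sample records are constructed for illustration, and the Get-UalUserAccess and Get-UalDeviceAccess cmdlets mentioned in the closing comment belong to the UserAccessLogging module and are not named on this page.

```powershell
# Added example: list users/devices whose FirstSeen is on or after a cutoff.
# Accepts any objects carrying the UAL fields described in the tables above.
function Find-UalNewAccess {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record,

        [Parameter(Mandatory)]
        [datetime]$Since
    )
    process {
        # Ignore records without a FirstSeen value or first seen before the cutoff.
        if (-not $Record.FirstSeen -or [datetime]$Record.FirstSeen -lt $Since) { return }

        # User records carry UserName; device records carry IPAddress.
        $isUser = $Record.PSObject.Properties.Name -contains 'UserName'

        [pscustomobject]@{
            RoleName      = $Record.RoleName
            Kind          = if ($isUser) { 'User' } else { 'Device' }
            Principal     = if ($isUser) { $Record.UserName } else { [string]$Record.IPAddress }
            FirstSeen     = [datetime]$Record.FirstSeen
            LastSeen      = [datetime]$Record.LastSeen
            ActivityCount = [int]$Record.ActivityCount
        }
    }
}

# Constructed sample records (not real data); the IP address is from a documentation range.
$sample = @(
    [pscustomobject]@{ UserName = 'CONTOSO\alice'; RoleName = 'File Server'; ActivityCount = 412
                       FirstSeen = '2014-01-06 08:12'; LastSeen = '2014-03-14 17:40' }
    [pscustomobject]@{ UserName = 'CONTOSO\svc-backup'; RoleName = 'File Server'; ActivityCount = 3
                       FirstSeen = '2014-03-13 02:07'; LastSeen = '2014-03-13 02:19' }
    [pscustomobject]@{ IPAddress = '192.0.2.44'; RoleName = 'File Server'; ActivityCount = 3
                       FirstSeen = '2014-03-13 02:07'; LastSeen = '2014-03-13 02:19' }
)

$sample | Find-UalNewAccess -Since ([datetime]'2014-03-10') |
    Sort-Object FirstSeen | Format-Table -AutoSize

# On a server running UAL, feed the cmdlet output instead of $sample, for example:
#   @(Get-UalUserAccess) + @(Get-UalDeviceAccess) |
#       Find-UalNewAccess -Since (Get-Date).AddDays(-7)
```

Because UAL stores only aggregates (counts plus first and last timestamps), a hit here is a pointer to review the role's own logs for that window, not a record of individual requests.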

UAL can be used on any computer running Windows Server 2012.

© 2014 Microsoft. All rights reserved.