.png)
User Access Logging and Resulting Internet Communication in Windows Server 2012
Published: August 15, 2012
Updated: August 15, 2012
Applies To: Windows 8, Windows Server 2012
In this section
Benefits and purposes of User Access Logging
User and device-related data recorded with User Access Logging
Viewing or changing settings that affect User Access Logging in Windows Server 2012
This section provides overview information about User Access Logging (UAL) and information about some settings that affect User Access Logging. The section also provides suggestions for other sources of information about User Access Logging to help you balance your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets. It is beyond the scope of this document to describe all aspects of maintaining appropriate levels of privacy and security in an organization running servers that use User Access Logging.
UAL aggregates unique client device and user request events that are logged on a computer running Windows Server 2012 into a local database. These records are made available (through a query by a server administrator) to retrieve quantities and instances by server role, by user, by device, by the local server, and by date. In addition, UAL has been extended to enable non-Microsoft software developers to instrument UAL events that are to be aggregated by Windows Server 2012.
This information can be useful to server administrators at all levels. UAL can assist server administrators in performing the following tasks:
-
Quantify client user requests for local physical or virtual servers.
-
Quantify client user requests for installed software products on a local physical computer or virtual machine.
-
Retrieve data on a local server running Hyper-V to identify periods of high and low demand on the virtual machine.
-
Retrieve UAL data from multiple remote servers.
In addition, software developers can instrument UAL events that can be aggregated by Windows Server 2012 and retrieved by using WMI and Windows PowerShell interfaces.
 Important |
|---|
| UAL is not recommended for use on servers that are connected directly to the Internet, such as web servers on an Internet-accessible address space; and it is not recommended in scenarios where extremely high performance is the primary function of the server (such as in high-performance computing workload environments). UAL is primarily intended for small, medium, and enterprise intranet scenarios where high volume is expected, but not as high as many deployments of Windows Server 2012 that serve Internet-facing traffic volume on a regular basis. |
The following user-related data is logged with UAL.
| Data | Description |
|---|---|
|
ActivityCount |
Number of times a particular user has accessed the service. |
|
FirstSeen |
Date and time when a user first accesses a role or service. |
|
LastSeen |
Date and time when a user last accessed a role or service. |
|
ProductName |
Name of the software parent product (such as Windows) that is providing UAL data. |
|
RoleGUID |
GUID that is assigned or registered by UAL, which represents the server role or installed product. |
|
RoleName |
Name of the role, component, or subproduct that is providing User Access Logging data. This is also associated with a ProductName and a RoleGUID. |
|
TenantIdentifier |
Unique GUID for a tenant client of an installed role or for a product that accompanies the UAL data, if applicable. |
|
UserName |
User name on the client that accompanies the UAL entries from installed roles and products, if applicable. |
|
PSComputerName |
Name of the target server when you query UAL data from a remote computer. |
The following device-related data is logged with UAL.
| Data | Description |
|---|---|
|
ActivityCount |
Number of times a particular device has been used to access the service. |
|
FirstSeen |
Date and time when an IP address is first used to access a role or service. |
|
IPAddress |
IP address of a client device that is used to access a role or service. |
|
LastSeen |
Date and time when an IP address was last used to access a role or service. |
|
ProductName |
Name of the software parent product (such as Windows) that is providing UAL data. |
|
RoleGUID |
GUID that is assigned or registered by UAL, which represents the server role or installed product. |
|
RoleName |
Name of the role, component, or subproduct that is providing UAL data. |
|
TenantIdentifier |
Unique GUID for a tenant client of an installed role or for a product that accompanies the UAL data, if applicable. |
|
PSComputerName |
Name of the target server when you query UAL data from a remote computer. |
You can disable or enable User Access Logging, and collect and delete data that is recorded by using User Access Logging. For more information, see Manage User Access Logging.
