Security and Privacy for Software Metering in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
This topic appears in the Assets and Compliance in System Center 2012 Configuration Manager guide and in the Security and Privacy for System Center 2012 Configuration Manager guide.
This topic contains security and privacy information for software metering in System Center 2012 Configuration Manager.
There are currently no security-related best practices for software metering.
An attacker could send invalid software metering information to Configuration Manager, which will be accepted by the management point even when the software metering client setting is disabled. This might result in a large number of metering rules that are replicated throughout the hierarchy, causing a denial of service on the network and to Configuration Manager site servers.
Because an attacker can create invalid software metering data, do not consider software metering information to be authoritative.
Software metering is enabled by default as a client setting.
Software metering monitors the usage of applications on client computers. Software metering is enabled by default. You must configure which applications to meter. Metering information is stored in the Configuration Manager database. The information is encrypted during transfer to a management point but it is not stored in encrypted form in the Configuration Manager database.
This information is retained in the database until it is deleted by the site maintenance tasks Delete Aged Software Metering Data (every five days) and Delete Aged Software Metering Summary Data (every 270 days). You can configure the deletion interval. Metering information is not sent to Microsoft.
Some additional metering information is collected through hardware inventory. For more information, see Security and Privacy for Hardware Inventory in Configuration Manager.
Before you configure software metering, consider your privacy requirements.