How Automatic User Device Affinity Works in SCCM 2012


 

 

Details on how to configure UDA to work automatically are in this link:

How to configure the site to automatically create user device affinities

 

Configuration Manager reads data about user logons from the Windows Event log. To be able to automatically create user device affinities, you must enable the following two settings from the local security policy on client computers to store logon events in the Windows Event log.

  • Audit account logon events
  • Audit logon events

 

Make sure that these events are logged in the security event logs.

 

https://technet.microsoft.com/en-in/library/cc787176(v=ws.10).aspx

https://technet.microsoft.com/en-in/library/cc787567(v=ws.10).aspx

 

To allow sufficient data for user device affinity, also set the policy Maximum security log size to a reasonable value such as 5-20 MB.

 

If the Security event log contains no logon events, the feature will not work.

 

Once the UDA settings are configured in the client settings, they flow to the client as policy.

 

When a user logs off or logs on at the client, you will see the following in UserAffinity.log:

 

UserAffinity.log

=============

>>>>>>Starting processing user logoff event<<<<<<        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

User logoff task with user 'S-1-5-21-221200290-1771598541-1852605787-500'        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

Current time '1425542823' as user logoff time        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

Active logon event for user 'S-1-5-21-221200290-1771598541-1852605787-500' was found in WMI 'CCM_UserLogonEvents.LogonTime="1424772550",UserSID="S-1-5-21-221200290-1771598541-1852605787-500"'. Set its LogoffTime to 1425542823.        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

>>>>>>Finished processing user logoff event<<<<<<        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

 

>>>>>>Starting processing user logon event<<<<<<        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

User logon task with user 'S-1-5-21-221200290-1771598541-1852605787-500' and session ID '1'        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

Get user logon time '1425542833' (CurrentTime: 1425542838)        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

Created user logon instance 'CCM_UserLogonEvents.UserSID='S-1-5-21-221200290-1771598541-1852605787-500',LogonTime=1425542833' in WMI.        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

>>>>>>Finished processing user logon event<<<<<<        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

 

UserAffinityProvider.log

===================

The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf'        UserAffinityProvider        3/5/2015 1:37:03 PM        508 (0x01FC)

GetAllInstances – 8 instance(s) of 'CCM_UserLogonEvents' found        UserAffinityProvider        3/5/2015 1:37:03 PM        508 (0x01FC)

GetAllInstances – 8 instance(s) of 'CCM_UserLogonEvents' found        UserAffinityProvider        3/5/2015 1:37:18 PM        508 (0x01FC)

 


 

Later, the affinity agent runs the affinity usage task. This happens once a day, or when the ccmexec service is restarted.

 

UserAffinity.log

==============

3/5/2015 7:40:43 AM        UserAffinity        3304 (0x0CE8)        >>>>>>Starting processing user affinity usage task<<<<<<

3/5/2015 7:40:43 AM        UserAffinity        3304 (0x0CE8)        Auto affinity threshold settings Days = '1', User minutes threshold = '360', Auto approve affinity = '1'.

3/5/2015 7:40:43 AM        UserAffinity        3304 (0x0CE8)        Clean up agents user logon events…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Retrieving user minutes map…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Loading approved and pending user affinities…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Checking if any pending affinity is approved…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        User 'contoso\administrator' in pending affinity is not approved yet

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Checking usage minutes per user against current minutes threshold…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        User 'contoso\administrator' has 1440 usage minutes

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Setting auto affinity for user 'contoso\administrator'.

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Found same state message existing. (was sent before) Skip sending same state message for user 'contoso\administrator'..

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        >>>>>>Finished processing user affinity usage task<<<<<<

 

UserAffinityProvider.log

====================

3/5/2015 7:40:43 AM        UserAffinityProvider        3972 (0x0F84)        The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf'

3/5/2015 7:40:44 AM        UserAffinityProvider        3972 (0x0F84)        GetAllInstances – 13 instance(s) of 'CCM_UserLogonEvents' found

3/5/2015 7:40:44 AM        UserAffinityProvider        3216 (0x0C90)        GetAllInstances – 13 instance(s) of 'CCM_UserLogonEvents' found
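
The following Python script is an added example, not from the original post or from Configuration Manager. It parses the usage-task lines shown in the UserAffinity.log excerpt above and flags users whose logged minutes and logged decision disagree. The function names and the `minutes >= threshold` comparison are assumptions.

```python
import re

# Constructed sample: usage-task lines taken from the UserAffinity.log excerpt on this page.
SAMPLE_LOG = r"""
3/5/2015 7:40:43 AM  UserAffinity  3304 (0x0CE8)  Auto affinity threshold settings Days = '1', User minutes threshold = '360', Auto approve affinity = '1'.
3/5/2015 7:40:44 AM  UserAffinity  3304 (0x0CE8)  User 'contoso\administrator' in pending affinity is not approved yet
3/5/2015 7:40:44 AM  UserAffinity  3304 (0x0CE8)  User 'contoso\administrator' has 1440 usage minutes
3/5/2015 7:40:44 AM  UserAffinity  3304 (0x0CE8)  Setting auto affinity for user 'contoso\administrator'.
3/5/2015 7:40:44 AM  UserAffinity  3304 (0x0CE8)  Found same state message existing. (was sent before) Skip sending same state message for user 'contoso\administrator'..
"""

SETTINGS = re.compile(r"Days = '(\d+)', User minutes threshold = '(\d+)', Auto approve affinity = '(\d+)'")
# Per-user messages, keyed by the field each one sets in the summary.
USER_LINES = {
    "minutes": re.compile(r"User '([^']+)' has (\d+) usage minutes"),
    "pending": re.compile(r"User '([^']+)' in pending affinity is not approved yet"),
    "auto_set": re.compile(r"Setting auto affinity for user '([^']+)'"),
    "resend_skipped": re.compile(r"Skip sending same state message for user '([^']+)'"),
}

def summarize_usage_task(log_text):
    """Parse one usage-task run into (settings, {user: facts})."""
    settings, users = {}, {}
    for line in log_text.splitlines():
        m = SETTINGS.search(line)
        if m:
            settings = dict(zip(("days", "minutes_threshold", "auto_approve"), map(int, m.groups())))
        for field, rx in USER_LINES.items():
            m = rx.search(line)
            if m:
                rec = users.setdefault(m.group(1).lower(), {
                    "minutes": None, "pending": False, "auto_set": False, "resend_skipped": False})
                rec[field] = int(m.group(2)) if field == "minutes" else True
    return settings, users

def unexplained(settings, users):
    """Users whose logged minutes and logged decision disagree.
    Assumption (not stated on the page): affinity is set when minutes >= threshold."""
    limit = settings.get("minutes_threshold")
    out = []
    for user, rec in users.items():
        if limit is None or rec["minutes"] is None:
            out.append((user, "no threshold or usage line in this run"))
        elif (rec["minutes"] >= limit) != rec["auto_set"]:
            out.append((user, f"{rec['minutes']} min vs threshold {limit}, auto_set={rec['auto_set']}"))
    return out

if __name__ == "__main__":
    settings, users = summarize_usage_task(SAMPLE_LOG)
    print(settings, users, unexplained(settings, users))
```

An empty result from `unexplained` means every logged decision is consistent with the threshold the agent reported for that run.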

 

Once done, it creates a state message, which is sent to the server, which updates the information in the database.

 

State message with TopicType 1600 and TopicId contoso/administrator_Auto and State 1 has been updated        StateMessage        3/5/2015 1:45:12 PM        4068 (0x0FE4)

 

State 1 means SET affinity

State 2 means REMOVE affinity

 

This state message then flows like any other state message and is inserted into the database.

 

Hope this would be helpful.

Sudheesh N

This posting /Script  is provided "AS IS" with no warranties and confers no rights


Comments (5)

  1. Mike Compton says:

    Bump, please answer these questions!

  2. HeyAdmin says:

    Hey Sudheesh, these are good questions. Why aren’t you answering?

  3. additionally, just to confirm, Top Console User has no bearing on UDA?

  4. Hello.

    Similar to the above question, does UDA look at event logs retrospectively?

    Say we are migrating agents from 2007 to 2012, if UDA is enabled in 2012, and logon events are captured, will UDA be populated for 2012 immediately?

  5. HeyAdmin says:

    Let’s say we change our UDA settings from 2880 minutes over 30 days to 1440 minutes over 15 days. Does UDA then look retroactively at the security event log to recalculate whether a user is primary or not?
