How Automatic User Device Affinity Works in SCCM 2012

  • Article

 

 

Details on how to configure UDA to work automatically id in this link

How to configure the site to automatically create user device affinities

 

Configuration Manager reads data about user logons from the Windows Event log. To be able to automatically create user device affinities, you must enable the following two settings from the local security policy on client computers to store logon events in the Windows Event log.

  • Audit account logon events
  • Audit logon events

 

Make sure that these events are logged in the security event logs.

 

https://technet.microsoft.com/en-in/library/cc787176(v=ws.10).aspx

https://technet.microsoft.com/en-in/library/cc787567(v=ws.10).aspx

 

To allow sufficient data for user device affinity, also set the policy Maximum security log size to a reasonable value such as 5-20 MB.

 

If we don’t have events in security events (log on events )the feature will not work

 

Once you have the UDA settings set in the client settings the same flows to the client as policy.

 

When the client goes through a log off or log on events  you would see  the following in the useraffinity.log

 

UserAffinity.log

=============

>>>>>>Starting processing user logoff event<<<<<< UserAffinity        3/5/2015 1:37:03 PM 3304 (0x0CE8)

User logoff task with user 'S-1-5-21-221200290-1771598541-1852605787-500' UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)

Current time '1425542823' as user logoff time UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)

Active logon event for user 'S-1-5-21-221200290-1771598541-1852605787-500' was found in WMI 'CCM_UserLogonEvents.LogonTime="1424772550",UserSID="S-1-5-21-221200290-1771598541-1852605787-500"'. Set its LogoffTime to 1425542823. UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)

>>>>>>Finished processing user logoff event<<<<<< UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)

 

>>>>>>Starting processing user logon event<<<<<< UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)

User logon task with user 'S-1-5-21-221200290-1771598541-1852605787-500' and session ID '1' UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)

Get user logon time '1425542833' (CurrentTime: 1425542838) UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)

Created user logon instance 'CCM_UserLogonEvents.UserSID='S-1-5-21-221200290-1771598541-1852605787-500',LogonTime=1425542833' in WMI. UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)

>>>>>>Finished processing user logon event<<<<<< UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)

 

UserAffinityProvider.log

===================

The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf' UserAffinityProvider 3/5/2015 1:37:03 PM 508 (0x01FC)

GetAllInstances - 8 instance(s) of 'CCM_UserLogonEvents' found        UserAffinityProvider 3/5/2015 1:37:03 PM 508 (0x01FC)

GetAllInstances - 8 instance(s) of 'CCM_UserLogonEvents' found UserAffinityProvider 3/5/2015 1:37:18 PM 508 (0x01FC)

 

image

 

Later when the affinity agent will run the affinity usage Task . This happens once in a day  or if we restart the ccmexec service

 

UserAffinity.log

==============

3/5/2015 7:40:43 AM UserAffinity 3304 (0x0CE8) >>>>>>Starting processing user affinity usage task<<<<<<

3/5/2015 7:40:43 AM UserAffinity 3304 (0x0CE8) Auto affinity threshold settings Days = '1', User minutes threshold = '360', Auto approve affinity = '1'.

3/5/2015 7:40:43 AM UserAffinity 3304 (0x0CE8) Clean up agents user logon events...

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Retrieving user minutes map...

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Loading approved and pending user affinities...

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Checking if any pending affinity is approved...

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) User 'contoso\administrator' in pending affinity is not approved yet

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Checking usage minutes per user against current minutes threshold...

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) User 'contoso\administrator' has 1440 usage minutes

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Setting auto affinity for user 'contoso\administrator'.

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Found same state message existing. (was sent before) Skip sending same state message for user 'contoso\administrator'..

3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) >>>>>>Finished processing user affinity usage task<<<<<<

 

UserAffinityProvider.log

====================

3/5/2015 7:40:43 AM UserAffinityProvider 3972 (0x0F84) The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf'

3/5/2015 7:40:44 AM UserAffinityProvider 3972 (0x0F84) GetAllInstances - 13 instance(s) of 'CCM_UserLogonEvents' found

3/5/2015 7:40:44 AM UserAffinityProvider 3216 (0x0C90) GetAllInstances - 13 instance(s) of 'CCM_UserLogonEvents' found

 

Once done it will create a state message which will send to the serve which will update the information ion the database

 

State message with TopicType 1600 and TopicId contoso/administrator_Auto and State 1 has been updated        StateMessage        3/5/2015 1:45:12 PM        4068 (0x0FE4)

 

State 1 means SET affinity

Sate 2 means REMOVE affinity

 

Now this state message flows as usual state message and insert in to the database

 

Hope this would be helpful.

Sudheesh N

This posting /Script is provided "AS IS" with no warranties and confers no rights