How Automatic User Device Affinity Works in SCCM 2012
Details on how to configure UDA to work automatically id in this link
How to configure the site to automatically create user device affinities
Configuration Manager reads data about user logons from the Windows Event log. To be able to automatically create user device affinities, you must enable the following two settings from the local security policy on client computers to store logon events in the Windows Event log.
- Audit account logon events
- Audit logon events
Make sure that these events are logged in the security event logs.
https://technet.microsoft.com/en-in/library/cc787176(v=ws.10).aspx
https://technet.microsoft.com/en-in/library/cc787567(v=ws.10).aspx
To allow sufficient data for user device affinity, also set the policy Maximum security log size to a reasonable value such as 5-20 MB.
If we don’t have events in security events (log on events )the feature will not work
Once you have the UDA settings set in the client settings the same flows to the client as policy.
When the client goes through a log off or log on events you would see the following in the useraffinity.log
UserAffinity.log
=============
>>>>>>Starting processing user logoff event<<<<<< UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)
User logoff task with user 'S-1-5-21-221200290-1771598541-1852605787-500' UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)
Current time '1425542823' as user logoff time UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)
Active logon event for user 'S-1-5-21-221200290-1771598541-1852605787-500' was found in WMI 'CCM_UserLogonEvents.LogonTime="1424772550",UserSID="S-1-5-21-221200290-1771598541-1852605787-500"'. Set its LogoffTime to 1425542823. UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)
>>>>>>Finished processing user logoff event<<<<<< UserAffinity 3/5/2015 1:37:03 PM 3304 (0x0CE8)
>>>>>>Starting processing user logon event<<<<<< UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)
User logon task with user 'S-1-5-21-221200290-1771598541-1852605787-500' and session ID '1' UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)
Get user logon time '1425542833' (CurrentTime: 1425542838) UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)
Created user logon instance 'CCM_UserLogonEvents.UserSID='S-1-5-21-221200290-1771598541-1852605787-500',LogonTime=1425542833' in WMI. UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)
>>>>>>Finished processing user logon event<<<<<< UserAffinity 3/5/2015 1:37:18 PM 3304 (0x0CE8)
UserAffinityProvider.log
===================
The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf' UserAffinityProvider 3/5/2015 1:37:03 PM 508 (0x01FC)
GetAllInstances - 8 instance(s) of 'CCM_UserLogonEvents' found UserAffinityProvider 3/5/2015 1:37:03 PM 508 (0x01FC)
GetAllInstances - 8 instance(s) of 'CCM_UserLogonEvents' found UserAffinityProvider 3/5/2015 1:37:18 PM 508 (0x01FC)
Later when the affinity agent will run the affinity usage Task . This happens once in a day or if we restart the ccmexec service
UserAffinity.log
==============
3/5/2015 7:40:43 AM UserAffinity 3304 (0x0CE8) >>>>>>Starting processing user affinity usage task<<<<<<
3/5/2015 7:40:43 AM UserAffinity 3304 (0x0CE8) Auto affinity threshold settings Days = '1', User minutes threshold = '360', Auto approve affinity = '1'.
3/5/2015 7:40:43 AM UserAffinity 3304 (0x0CE8) Clean up agents user logon events...
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Retrieving user minutes map...
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Loading approved and pending user affinities...
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Checking if any pending affinity is approved...
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) User 'contoso\administrator' in pending affinity is not approved yet
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Checking usage minutes per user against current minutes threshold...
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) User 'contoso\administrator' has 1440 usage minutes
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Setting auto affinity for user 'contoso\administrator'.
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) Found same state message existing. (was sent before) Skip sending same state message for user 'contoso\administrator'..
3/5/2015 7:40:44 AM UserAffinity 3304 (0x0CE8) >>>>>>Finished processing user affinity usage task<<<<<<
UserAffinityProvider.log
====================
3/5/2015 7:40:43 AM UserAffinityProvider 3972 (0x0F84) The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf'
3/5/2015 7:40:44 AM UserAffinityProvider 3972 (0x0F84) GetAllInstances - 13 instance(s) of 'CCM_UserLogonEvents' found
3/5/2015 7:40:44 AM UserAffinityProvider 3216 (0x0C90) GetAllInstances - 13 instance(s) of 'CCM_UserLogonEvents' found
Once done it will create a state message which will send to the serve which will update the information ion the database
State message with TopicType 1600 and TopicId contoso/administrator_Auto and State 1 has been updated StateMessage 3/5/2015 1:45:12 PM 4068 (0x0FE4)
State 1 means SET affinity
Sate 2 means REMOVE affinity
Now this state message flows as usual state message and insert in to the database
Hope this would be helpful.
Sudheesh N
This posting /Script is provided "AS IS" with no warranties and confers no rights
Comments
- Anonymous
July 27, 2015
Let's say we change our UDA settings from 2880 minutes over 30 days to 1440 minutes over 15 days. Does UDA then look retroactively at the security event log to recalculate whether a user is primary or not? - Anonymous
September 07, 2015
Hello.
Similar to the above question, does UDA look at event logs retrospectively?
Say we are migrating agents from 2007 to 2012, if UDA is enabled in 2012, and logon events are captured, will UDA be populated for 2012 immediately? - Anonymous
September 07, 2015
additionally, just to confirm, Top Console User has no bearing on UDA? - Anonymous
October 23, 2015
Hey Sudheesh, these are good questions. Why aren't you answering? - Anonymous
February 22, 2016
Bump, please answer these questions!