Managing Privacy: User Access Logging and Resulting Internet Communication

 

Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8

In this section

Benefits and purposes of User Access Logging

User and device-related data recorded with User Access Logging

Viewing or changing settings that affect User Access Logging

Additional references

This section provides overview information about User Access Logging and information about some settings that affect User Access Logging. The section also provides suggestions for other sources of information about User Access Logging to help you balance your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets. It is beyond the scope of this document to describe all aspects of maintaining appropriate levels of privacy and security in an organization running servers that use User Access Logging.

Benefits and purposes of User Access Logging

User Access Logging aggregates unique client device and user request events that are logged into a local database. These records are made available (through a query by a server administrator) to retrieve quantities and instances by server role, by user, by device, by the local server, and by date. In addition, User Access Logging has been extended to enable non-Microsoft software developers to instrument User Access Logging events that are to be aggregated by the server. No data collected by User Access Logging is sent to Microsoft.

This information can be useful to server administrators at all levels. User Access Logging can assist server administrators in performing the following tasks:

  • Quantify client user requests for local physical or virtual servers.

  • Quantify client user requests for installed software products on a physical computer or virtual machine.

  • Retrieve User Access Logging data from multiple remote physical or virtual servers.

Important

User Access Logging is not recommended for use on servers that are connected directly to the Internet, such as web servers on an Internet-accessible address space; and it is not recommended in scenarios where extremely high performance is the primary function of the server (such as in high-performance computing workload environments). User Access Logging is primarily intended for small, medium, and enterprise intranet scenarios where high volume is expected, but not as high as many deployments that serve Internet-facing traffic volume on a regular basis.

The following user-related data is logged with User Access Logging.

Data

Description

ActivityCount

Number of times a particular user has accessed the service.

FirstSeen

Date and time when a user first accesses a role or service.

LastSeen

Date and time when a user last accessed a role or service.

ProductName

Name of the software parent product (such as Windows) that is providing User Access Logging data.

RoleGUID

GUID that is assigned or registered by User Access Logging, which represents the server role or installed product.

RoleName

Name of the role, component, or subproduct that is providing User Access Logging data. This is also associated with a ProductName and a RoleGUID.

TenantIdentifier  

Unique GUID for a tenant client of an installed role or for a product that accompanies the User Access Logging data, if applicable.

UserName

User name on the client that accompanies the User Access Logging entries from installed roles and products, if applicable.

PSComputerName

Name of the target server when you query User Access Logging data from a remote computer.

  

  

The following device-related data is logged with User Access Logging.

Data

Description

ActivityCount

Number of times a particular device has been used to access the service.

FirstSeen

Date and time when an IP address is first used to access a role or service.

IPAddress

IP address of a client device that is used to access a role or service.

LastSeen

Date and time when an IP address was last used to access a role or service.

ProductName

Name of the software parent product (such as Windows) that is providing User Access Logging data.

RoleGUID

GUID that is assigned or registered by User Access Logging, which represents the server role or installed product.

RoleName

Name of the role, component, or subproduct that is providing User Access Logging data.

TenantIdentifier

Unique GUID for a tenant client of an installed role or for a product that accompanies the User Access Logging data, if applicable.

PSComputerName

Name of the target server when you query User Access Logging data from a remote computer.

Viewing or changing settings that affect User Access Logging

You can disable or enable User Access Logging, and collect and delete data that is recorded by using User Access Logging. For more information, see Manage User Access Logging.

Additional references

User Access Logging Overview

Manage User Access Logging

Software Inventory Logging