Managing Privacy: User Access Logging and Resulting Internet Communication
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
In this section
Benefits and purposes of User Access Logging
User and device-related data recorded with User Access Logging
Viewing or changing settings that affect User Access Logging
This section provides overview information about User Access Logging and information about some settings that affect User Access Logging. The section also provides suggestions for other sources of information about User Access Logging to help you balance your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets. It is beyond the scope of this document to describe all aspects of maintaining appropriate levels of privacy and security in an organization running servers that use User Access Logging.
Benefits and purposes of User Access Logging
User Access Logging aggregates unique client device and user request events that are logged into a local database. These records are made available (through a query by a server administrator) to retrieve quantities and instances by server role, by user, by device, by the local server, and by date. In addition, User Access Logging has been extended to enable non-Microsoft software developers to instrument User Access Logging events that are to be aggregated by the server. No data collected by User Access Logging is sent to Microsoft.
This information can be useful to server administrators at all levels. User Access Logging can assist server administrators in performing the following tasks:
Quantify client user requests for local physical or virtual servers.
Quantify client user requests for installed software products on a physical computer or virtual machine.
Retrieve User Access Logging data from multiple remote physical or virtual servers.
Important
User Access Logging is not recommended for use on servers that are connected directly to the Internet, such as web servers on an Internet-accessible address space; and it is not recommended in scenarios where extremely high performance is the primary function of the server (such as in high-performance computing workload environments). User Access Logging is primarily intended for small, medium, and enterprise intranet scenarios where high volume is expected, but not as high as many deployments that serve Internet-facing traffic volume on a regular basis.
User and device-related data recorded with User Access Logging
The following user-related data is logged with User Access Logging.
Data |
Description |
---|---|
ActivityCount |
Number of times a particular user has accessed the service. |
FirstSeen |
Date and time when a user first accesses a role or service. |
LastSeen |
Date and time when a user last accessed a role or service. |
ProductName |
Name of the software parent product (such as Windows) that is providing User Access Logging data. |
RoleGUID |
GUID that is assigned or registered by User Access Logging, which represents the server role or installed product. |
RoleName |
Name of the role, component, or subproduct that is providing User Access Logging data. This is also associated with a ProductName and a RoleGUID. |
TenantIdentifier |
Unique GUID for a tenant client of an installed role or for a product that accompanies the User Access Logging data, if applicable. |
UserName |
User name on the client that accompanies the User Access Logging entries from installed roles and products, if applicable. |
PSComputerName |
Name of the target server when you query User Access Logging data from a remote computer. |
The following device-related data is logged with User Access Logging.
Data |
Description |
---|---|
ActivityCount |
Number of times a particular device has been used to access the service. |
FirstSeen |
Date and time when an IP address is first used to access a role or service. |
IPAddress |
IP address of a client device that is used to access a role or service. |
LastSeen |
Date and time when an IP address was last used to access a role or service. |
ProductName |
Name of the software parent product (such as Windows) that is providing User Access Logging data. |
RoleGUID |
GUID that is assigned or registered by User Access Logging, which represents the server role or installed product. |
RoleName |
Name of the role, component, or subproduct that is providing User Access Logging data. |
TenantIdentifier |
Unique GUID for a tenant client of an installed role or for a product that accompanies the User Access Logging data, if applicable. |
PSComputerName |
Name of the target server when you query User Access Logging data from a remote computer. |
Viewing or changing settings that affect User Access Logging
You can disable or enable User Access Logging, and collect and delete data that is recorded by using User Access Logging. For more information, see Manage User Access Logging.