Re: User Audit Logon tool



I am also having issues with this tool. After changing the SMS_Def.mof file
and initiating a policy update, when I run the Hardware Inventory, I am
getting the following two errors in my inventory agent log.

Unknown error encountered processing an instance of class UserLogonInfo:
80041017 InventoryAgent 11/01/2005 10:46:22 2080 (0x0820)
Collection: (80041017) Execute: Query failed InventoryAgent 11/01/2005
10:46:22 2080 (0x0820)

And when I use WMI tools to view the instances... it says that there are no
instances. Is there something I need to do to initiate the query on the
system log, in order for it to write to the WMI db? I'm new to WMI, and am
fumbling through right now.

Bryan McDaniel

Technical Support Specialist II

Information Systems

Cardinal Health Systems Inc.




"Michael Wade" <Michael Wade@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1E53CC8B-EA06-4FFF-9AAB-C6857B8EF301@xxxxxxxxxxxxxxxx
> Hi,
>
> I tried installing the User Logon Audit tool I downloaded from Centerlogic's
> website. I'm having a bit of an issue getting it up and running.
>
> I have a single SMS 2003 SP1 server.
>
> I followed the directions in the documentation. Here is where I stand:
>
> Enabled security event logs and verified "528" auth events in viewer on
> client.
>
> Added code to sms_def.mof, ran mofcomp -check for syntax and mofcomp'd on
> both the server and the client.
>
> Ran the userinfologon executable to push up inventory information into
> SMS.
>
> Performed policy refresh, then hardware inventory. The clients I mofcomp'd
> are returning this information in the inventoryagent.log:
>
> Collection: Namespace = \\.\root\cimv2; Query = SELECT __CLASS, __PATH,
> __RELPATH, FullUserName, LastUpdated, LogonCount, MostRecentEventDate,
> UserDomain, UserGroups, UserName, UserRank FROM UserLogonInfo; Timeout =
> 600 secs. InventoryAgent 10/25/2005 2:58:29 PM 7488 (0x1D40)
> Unknown error encountered processing an instance of class UserLogonInfo:
> 80041017 InventoryAgent 10/25/2005 2:58:29 PM 7488 (0x1D40)
> Collection: (80041017) Execute: Query failed InventoryAgent 10/25/2005
> 2:58:29 PM 7488 (0x1D40)
>
> The information never shows up in resource explorer.
>
> Using wbemtest, on the client I logged onto root\cimv2 and enumerated
> recursively.
>
> There is indeed a UserInfoLogon class.
>
> If I click on instances, I see there is data here. I can see my user
> name.
>
> However, after several days, the clients are still reporting the query
> errors and none of it is being shown in resource explorer.
>
> So, I'm a bit confused and maybe even in slightly over my head. I'm good
> with SMS, and I fumble my way around WMI.
>
> It looks like it got my user name, but not sure why in the list field it is
> null. I did run the userlogoninfo executable a few times just to make sure
> data was being pushed up into WMI.
>
> I tried rebuilding the WMI repository from scratch on both the site server
> and the client (tried 2 different clients with the same results).
>
> As an FYI, in wbemtest, under Instances, if I double click on the above
> instance (with my name on it), it seems to "populate" the null fields in the
> class data. I don't know if this is normal or not.
>
> I'm afraid I may have overlooked something simple.
>
> Any thoughts? Your help is greatly appreciated. Please reply to
> mwade@xxxxxxxxxxx or on this group.
>
> Michael Wade
> Senior Technical Support Engineer
> Phillips Academy
> 180 Main St.
> Andover, MA 01810
> 978-749-4604
> 978-749-4356 (fax)
> http://www.andover.edu
>
>
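
Added example, not part of either post and not code from the tool's vendor: a small Python parser that pairs each "Query failed" record in an inventory agent log with the WQL query and class logged before it, and names the WMI error code (80041017 is WBEM_E_INVALID_QUERY in wbemcli.h). It assumes one record per line in the flattened form shown in the posts above; the sample log is constructed and the function name `failed_queries` is hypothetical.

```python
import re

# WMI error codes as defined in the Windows SDK header wbemcli.h.
WBEM_ERRORS = {
    "80041002": "WBEM_E_NOT_FOUND",
    "80041010": "WBEM_E_INVALID_CLASS",
    "80041017": "WBEM_E_INVALID_QUERY",
}

QUERY_RE = re.compile(r"Collection: Namespace = ([^;]+); Query = (.+?); Timeout = \d+")
INSTANCE_RE = re.compile(r"processing an instance of class (\w+): ([0-9A-Fa-f]{8})")
FAILED_RE = re.compile(r"Collection: \(([0-9A-Fa-f]{8})\) Execute: Query failed")

# Constructed sample: one failing and one succeeding collection, one record per line.
SAMPLE_LOG = r"""
Collection: Namespace = \\.\root\cimv2; Query = SELECT __CLASS, UserName, LogonCount FROM UserLogonInfo; Timeout = 600 secs. InventoryAgent 10/25/2005 2:58:29 PM 7488 (0x1D40)
Unknown error encountered processing an instance of class UserLogonInfo: 80041017 InventoryAgent 10/25/2005 2:58:29 PM 7488 (0x1D40)
Collection: (80041017) Execute: Query failed InventoryAgent 10/25/2005 2:58:29 PM 7488 (0x1D40)
Collection: Namespace = \\.\root\cimv2; Query = SELECT __CLASS, Name FROM Win32_BIOS; Timeout = 600 secs. InventoryAgent 10/25/2005 2:58:30 PM 7488 (0x1D40)
"""


def failed_queries(log_text):
    """Return one dict per 'Query failed' record, with the WQL that preceded it if logged."""
    failures, query, cls = [], None, None
    for line in log_text.splitlines():
        if m := QUERY_RE.search(line):
            query, cls = m.groups(), None   # a new collection starts; drop older state
        elif m := INSTANCE_RE.search(line):
            cls = m.group(1)                # class named in the per-instance error
        elif m := FAILED_RE.search(line):
            code = m.group(1).upper()
            failures.append({
                "class": cls,
                "namespace": query[0] if query else None,
                "wql": query[1] if query else None,  # None if the excerpt lacks the query line
                "code": code,
                "meaning": WBEM_ERRORS.get(code, "unmapped"),
            })
            query, cls = None, None
    return failures


if __name__ == "__main__":
    for f in failed_queries(SAMPLE_LOG):
        print(f["code"], f["meaning"], f["class"], f["wql"])
```
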

