So after some digging I've found what is needed...
I can pull from a number of parts of security events on the BE server, but
the key was to find Event ID 540 with a given user name. We're using ISA,
which has an IP of 172.16.134.180 and OWA has an IP of 172.16.134.158.
By taking the Event ID, username, and IP, I can have a MOM report to nicely
put together the information.
This event shows up when I connect in via RPC over HTTPS:
==========
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 2/23/2006
Time: 10:31:11 AM
User: XXXXXXXXXX\hrappaport1747
Computer: INSPEXB101
Description:
Successful Network Logon:
User Name: hrappaport1747
Domain: XXXXXXXXXX
Logon ID: (0x0,0x110D25C3)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: CHALLENGER
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.16.134.180
Source Port: 0
==========
This event shows up when I connect in via OWA:
==========
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 2/23/2006
Time: 10:31:03 AM
User: XXXXXXXXXX\hrappaport1747
Computer: INSPEXB101
Description:
Successful Network Logon:
User Name: hrappaport1747
Domain: XXXXXXXXXX
Logon ID: (0x0,0x110CF9F5)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {d15183ad-f268-c6a7-db97-7fe2a5ae96f5}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.16.134.158
Source Port: 37731
==========
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Howard
Rappaport
Sent: Monday, February 20, 2006 9:40 AM
To: Exchange Discussions
Subject: Tracking client version usage
I'm looking to track client version usage across my exchange org ...
ESM so nicely displays the version of the current client(s) connected. I'd
like to be able to see each connection made by each user. Specifically I'm
looking for the logon time, client version, and anything to uniquely
identify the person.
We're looking to track client usage overall, within specific departments /
orgs, and at the individual level for future planning...
Thoughts on ways I might look to gather this data?
Howie
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to
[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
