Académique Documents
Professionnel Documents
Culture Documents
Published: July, 2011 For the latest information, please see http://www.microsoft.com/map
Copyright 2011 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below. If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons AttributionNonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that users particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM. Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious. Microsoft, Active Directory, Excel, SharePoint, Windows, Windows Server and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries and regions. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.
microsoft.com/solutionaccelerators
Contents
microsoft.com/solutionaccelerators
Over view
The Software Usage Tracker feature in the Microsoft Assessment and Planning (MAP) Toolkit helps gather data on users and devices that access Microsoft core server products in your environment. This data can significantly simplify the inventory process for client access license (CAL) reporting. This document provides instructions on how to use the Usage Tracker. For more information about which Microsoft server product versions Usage Tracker reports on, see Appendix A, Supported Server Products.
Reporting Limitations
The information in the Software Usage Tracker reports that the MAP Toolkit generates are subject to many limitations. The information these reports contain does not constitute legal, accounting, or other professional advice. These reports are for informational purposes only and should not be used as the sole source of information for determining software license usage compliance. Software Usage Tracker reports should be used as a baseline for CAL usage analysis rather than as an authoritative summary of software usage. Due to the wide variety of ways that software can be deployed and inventoried in your environment, the Software Usage Tracker cannot always produce accurate counts of server software and access to that software. For more information about scenarios that could lead to inaccurate reporting, see Appendix B, Examples of Limiting Scenarios.
microsoft.com/solutionaccelerators
To use Auditpol.exe to configure the Audit object access setting for Windows Vista or Windows Server 2008 or later 1. Open a command prompt with administrative permissions. a. On the Start menu, point to All Programs, point to Accessories, right-click Command Prompt, and then click Run as administrator. b. If the User Account Control dialog box opens, click Continue. 2. Run the following statement to enable auditing from SQL Server. auditpol /set /subcategory:"application generated" /success:enable /failure:enable 3. Close the command prompt window. This setting takes effect immediately. To use Secpol.msc to configure the Audit object access setting for Windows operating systems earlier than Windows Vista or Windows Server 2008 1. On the Start menu, click Run. 2. Type secpol.msc and then click OK. If the User Access Control dialog box appears, click Continue. 3. In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click Audit Policy. 4. In the results pane, double-click Audit object access. 5. On the Local Security Setting tab, in the Audit these attempts area, select both Success and Failure. 6. Click OK. 7. Close the Security Policy tool. This setting takes effect immediately. To use Secpol.msc to grant the Generate Security Audits permission to an account 1. On the Start menu, click Run. 2. Type secpol.msc and then click OK. If the User Access Control dialog box appears, click Continue. 3. In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click User Rights Assignment. 4. In the results pane, double-click Generate security audits. 5. On the Local Security Setting tab, click Add User or Group. 6. In the Select Users, Computers, or Groups dialog box, either type the name of the user account, such as domain1\user1 and then click OK, or click Advanced and search for the account. 7. Click OK. 8. Close the Security Policy tool. This setting takes effect when SQL Server is restarted.
microsoft.com/solutionaccelerators
To stop monitoring SQL Server 2008 logon events to the Windows Security log If you want to stop monitoring logon events for SQL Server 2008, on each SQL Server 2008 instance for which you want to stop monitoring events, run the following SQL command. /* Turn LOGIN logging off */ use MASTER GO ALTER SERVER AUDIT SPECIFICATION [login_audit] WITH (STATE = OFF); DROP SERVER AUDIT SPECIFICATION [login_audit]; ALTER SERVER AUDIT [Server_Audit] WITH (STATE = OFF); DROP SERVER AUDIT [Server_Audit];
Note For more information about how to configure these security settings, see How to: Write Server Audit Events to the Security Log at http://msdn.microsoft.com/enus/library/cc645889.aspx.
You must configure IIS logging in the W3C log file format (called "W3C Extended" on some operating systems) with the following fields included: date time s-sitename s-computername s-ip s-port cs-uri-stem cs-uri-query cs-username c-ip sc-status SharePoint or IIS administrators might use W3C logging for other reasons. If these administrators require additional fields to be logged, they can add those fields to the configuration. However, administrators should not remove any of the fields that the Usage Tracker requires. For information about enabling W3C logging in IIS, see: Configuring Logging in IIS 7 on Microsoft TechNet at http://technet.microsoft.com/enus/library/cc732079(WS.10).aspx. How to enable logging in Internet Information Services (IIS) at http://support.microsoft.com/kb/313437.
microsoft.com/solutionaccelerators
Specify Credentials
The process of identifying server roles and tracking usage in your environment requires different types of collector technology, depending on the software usage you choose to report on. Each technology requires its own credentials.
Note For more information about how to specify credentials, see the Discovery Methods section in MAP Help.
These technologies are: Windows Management Instrumentation (WMI). Product information is found in WMI on discovered computers. The Inventory and Assessment Wizard uses this information to locate the servers that have the software you chose to track. System Center Configuration Manager. MAP can discover and collect hardware, software, and usage details from System Center Configuration Manager. If you want to use this method, you need to provide credentials for the SMS Provider of the Configuration Manager server you want to use for discovery. MAP collects information about all the clients managed by any Configuration Manager site known by the Configuration Manager server for which credentials are provided. To learn more about the required permissions for accessing the SMS Provider, see About the SMS Admins Group on Microsoft TechNet. SQL Server. In addition to WMI, MAP collects certain information directly from each SQL Server instance. If you need to collect usage information from SQL Server, you need to provide credentials to SQL Servers running on your network. Active Directory Domain Services (AD DS). Microsoft Exchange mailbox and server configuration information is located in AD DS. The MAP Toolkit requires credentials that have access to read the Active Directory schema from the root forest of your environment.
microsoft.com/solutionaccelerators
Table 1. Credentials Required for Inventory Server Product Windows Server System Center Configuration Manager Microsoft SharePoint Server Exchange Server Inventory Scenario Collector Technology Credentials Account: Password: Account: Password: Account: Password: Account: Password: Account: Password: Account: Password: Account: Password: Account: Password: Account: Password:
Windows-based WMI computers Windows-based SMS Provider computers WMI Windows-based WMI computers Exchange Server Active Directory WMI
SQL Server
Note To assess Exchange Server usage, the MAP Toolkit collects information about active mailboxes in Active Directory Domain Services (AD DS). The credentials that you provide should have the required privileges to enumerate mailboxes, groups, and users in AD DS. To assess Configuration Manager agent count, the MAP Toolkit collects information from the Configuration Manager servers. The credentials that you provide should have adequate privileges to collect data from the Configuration Manager server you supply.
microsoft.com/solutionaccelerators
microsoft.com/solutionaccelerators
On the SCCM Server and Credentials page, in the appropriate text boxes, enter the name of the Configuration Manager primary site server at the top of the System Center Configuration Manager hiearchy against which you want to track usage. The primary site entered and all of its child sites will be included in Configuration Manager software usage reports. Enter the credentials required to access the Configuration Manager WMI provider on the site server you provided. Click Next.
microsoft.com/solutionaccelerators
10
Figure 5. The All Computers Credentials page before you create accounts On the All Computers Credentials page, click Create to create the accounts that the Inventory and Assessment Wizard uses to complete the inventory process for the collector technologies (WMI, SQL Server, and so on) that you need to use, as specified earlier.
11
In the Account Entry dialog box, in the Credential section, fill in the appropriate boxes to create a new account. In the Technology section, select the check boxes that correspond to the technologies to which this account applies, and then click Save to save this account or click Save and New if you need to create additional accounts.
microsoft.com/solutionaccelerators
12
Par se Logs
Note You only need to parse logs for the software listed in the Configure Log Files section of this guide. If you are tracking usage on server software that does not require log files, you can skip this section and move on to the Analyze the Results section.
For accurate analysis of software usage in your environment, you will need to ensure that your computers have generated logs for the appropriate time period. We recommend that you have 90 days of log files generated prior to proceeding. After you confirm that your logs have been accumulated for the appropriate amount of time, and you have finished the inventory process, you are ready to parse the logs and analyze software usage. To proceed, copy all relevant Windows and IIS logs from your servers, and store them in a location that is accessible by the computer that is running the MAP Toolkit (and by the logged on user).
Important Before you parse the log files, ensure that you inventory the servers that created the log files you want to parse. You must connect the MAP Toolkit to the appropriate MAP database (the database that contains the inventory data of the servers from which the logs came.) This is necessary because, for proper data processing, the data from parsing the logs must be mapped to the inventoried servers. Only parse log files for supported software versions and editions. See Appendix A, Supported Server Products, in this document for a complete list of supported software.
microsoft.com/solutionaccelerators
13
To parse logs 1. In the MAP Toolkit, click the Software Usage Tracker wunderbar, and then, in the navigation pane, click Log Parsing Overview.
Figure 9. Log Parsing Overview 2. In the results pane, click Configure Log Parser. The Specify Log File Paths dialog box opens. 3. Click the Add button. The Browse for Folder dialog box opens. 4. Choose the directory on the local computer where the files are located. If the files are in a shared network directory, in the Folder box, type the shared path, for example \\server_name\logs\. The MAP Toolkit does not perform a recursive folder search, so you must list the full directory structure name for each location of log files you want parsed. 5. After you add all the directories where the log files reside to the Specify Log File Paths dialog box, click Save. The Log Parsing Overview page opens. 6. Click Parse Logs. A Status dialog box opens to show the progress of the log parsing process. 7. In the navigation pane, expand the Log Parsing Overview node and then click Log Files to monitor the results of the files as they are being parsed. The information shown is static. To refresh the pane and view the most current status, click Log Files again.
microsoft.com/solutionaccelerators
14
Figure 10. The Log Files pane The Log Files pane shows data about the logs being parsed, including: Processed. The number of log files that have been parsed. Unprocessed. The number of log files that have yet to be parsed. Errored. The number of log files that could not be parsed completely due to errors in the format of the log file. Some events in an Errored log file may be parsed if the row that has the event is in the correct format. Total. The total number of log files that the Log Parser attempted to parse. This value should be equal to the total number of log files in the directories you configured for the Log Parser. Computer System Name. The name of the server that logged the event. You can also choose to group the displayed information by Log File Name. Log File Name. The name of the log file being parsed. Events. The number of events contained in the log file. Start Date. The date of the first logged event. End Date. The date of the last logged event.
microsoft.com/solutionaccelerators
15
8. In the navigation pane, click Instance Summary to view a summary of the parsed data held in the current MAP database.
Figure 11. Instance Summary pane The Instance Summary pane shows data that came from the parsed log files, including: Software Instance. The name of the server software that was inventoried. Computer System Name. The name of the computer hosting the server software. You can also choose to group the displayed information by Software Instance. Start Date. Event time stamp for the first event recorded in the log. End Date. Event time stamp for the last event recorded in the log. User Count. The total number of users associated with an authorized logon. Device Count. The total number of devices associated with an authorized logon.
Each of these reports allows you to quickly filter results to find detailed information about each Microsoft core server product discovered during the inventory process, and authenticated access to each product. You can use these reports to help determine your server license and CAL needs for the server products.
microsoft.com/solutionaccelerators
16
To analyze the results, you need to: Review the software usage summary Interpret reports Use report data
microsoft.com/solutionaccelerators
17
Figure 13. Configure Date Range dialog box 2. Click the Range drop-down list to select a given range or click Custom to set your own dates, and then click Save. You have the option to select: Custom. The date range that you set must be within the span of time for which events exist in parsed logs. Therefore, it must begin no earlier than the first recorded date for an event, and end no later than the last recorded date for an event. In addition, the end date cannot be after the current date. Earliest to date. This option sets the date range from the earliest recorded client access date to the current date for inventoried server products. If you are viewing a combination of server products, the earliest date of any one of the combined products is used.
Note For server products that use parsed log files, this date is the earliest date found among all log files parsed. For server products that use MAP inventory data, this date is the date of the inventory.
Past 7 days. The past seven days including the current date. Past 30 days. The past 30 days including the current date. Past 60 days. The past 60 days including the current date. Past 90 days. The past 90 days including the current date. The date range that you configure is used for all software usage reports generated and will show at the top of each report pane you view.
Note The format for the start and end dates in the Log Files and Instance Summary panes is as follows: yyyy-mm-dd hh:mm:ss UTC For example, 2010-03-09 12:45:21 would be March 9th in the year 2010 at 12:45 and 21 seconds P.M. Coordinated Universal Time (UTC).
microsoft.com/solutionaccelerators
18
Figure 14. Combined Product Distinct Usage summary To configure the Combined Products Distinct Usage summary 1. In the Actions pane, click the Configure Combined Products task. The Configure Combined Products dialog box appears.
Figure 15. The Configure Combined Products dialog box 2. Select the check boxes for the products you want to combine for reporting, and then click Save. On the Software Usage Summary pane, the list of products you chose to report on will be listed above the table that summarizes distinct usage of combined products.
microsoft.com/solutionaccelerators
19
Interpret Reports
You can use Software Usage reports to help verify compliance and analyze current licensing needs. Summary reports provide a count of users or devices for all servers of a given type for the date range that you configure. Detailed reports provide information about specific users or devices and the servers they accessed. You can use these reports to analyze software usage to determine whether device CALs or user CALs would more effectively meet your needs. Software Usage reports should be used as a baseline for CAL usage analysis rather than as an authoritative summary of software usage. Additionally, the number of servers from which software usage is reported might differ from the number of servers inventoried if the security event logs for all servers are not configured to log success logon events.
Generate Reports
At any time while viewing reports in the Software Usage Summary pane or in a specific server product pane, you can generate a report. To create a report, in the Actions pane, click the Generate Report task. If you click the Generate Report task while viewing the Software Usage Summary pane, the tool will generate a report for each server product. The Combined Products Distinct Usage summary data is not generated as a report. To generate a report on only one product, in the navigation pane, browse to the node for the product for which you want to generate a report, and then, in the Actions pane, click Generate Report.
Note To ensure you have the most accurate information, run an inventory just prior to parsing log files and generating reports.
Summary Results
To view a summary of the data before generating a full software usage report, expand the Software Usage Summary node in the navigation pane, and then click the name of a server product. The results pane displays an overview of the usage data for each server product version and edition.
Detailed Reports
For each server product for which you configured usage tracking, there will be a detailed report. The detailed reports, which are generated as Excel workbooks, have inventory and usage data detailed for each server on which the product is installed. You can use the detailed report to filter for the information required for determining license usage for server product and client access. Each detailed report has several worksheets. The following sections describe the information listed in each worksheet.
Note You may find additional product-specific worksheets in some of the Usage Tracker reports. For example, the Exchange Server Report has a mailbox worksheet that provides details about various mailboxes. The System Center Configuration Manager report does not have a Log File Details worksheet because log files are not used to track Configuration Manager servers or clients.
microsoft.com/solutionaccelerators
20
21
microsoft.com/solutionaccelerators
22
Windows Server
Windows Server 2008 R2 Windows Server 2008 Windows Server 2003 R2 Windows Server 2003 Windows Server 2000 SQL Server 2008 R2 SQL Server 2008 Office SharePoint Server 2010 Office SharePoint Server 2007 Office SharePoint Portal Server 2003 Exchange Server 2010 Exchange Server 2007 Exchange Server 2003 Configuration Manager 2007 R2 Configuration Manager 2007 Systems Management Server 2003 R2 Systems Management Server 2003
Additional Information
All editions of the listed server products that require a server license are reported in the Software Usage Tracker report for that server product. SQL Server 2008 Enterprise and Datacenter editions are the only SQL Server editions that MAP Toolkit will report usage on. All other editions will not be reported on for server license information.
microsoft.com/solutionaccelerators
23
microsoft.com/solutionaccelerators
24
A ppendix C: Manuall y Deter mine Of fice Shar ePoint Ser ver Edition
This appendix describes how to use manual methods to determine which edition of Office SharePoint Server you are running.
Figure 16. Enterprise Feature Set Selected Otherwise, the Standard option is selected and the controls will be active to allow you to upgrade to Enterprise. MAP inventory looks at a registry key on the system to determine whether a server running Office SharePoint Server 2007 is Enterprise or Standard. The registry location for Office SharePoint Server 2007 is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Office Server\12.0. The key named OfficeServerPremium will have the value 1 for an Enterprise server, and 0 for a Standard server.
25
If your farm is Enterprise, the Current License section will indicate SharePoint Server with Enterprise Client Access License.
Figure 17. Current License Set as Enterprise Client Access If your farm is Standard, the Current License section will indicate SharePoint Server with Standard Client Access License and controls will be active to allow you to upgrade to Office SharePoint Server with Enterprise Access License. MAP inventory looks at a registry key on the system to determine whether a server running Office SharePoint Server 2010 is Enterprise or Standard. The registry location for Office SharePoint Server 2010 is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Shared Tools\Web Server Extensions\14.0\WSS\InstalledProducts. Within this location, there will be keys named with GUIDs. The following values for the key named with the GUID {90140000-110D-0000-1000-0000000FF1CE} indicate license type: 88BED06D-8C6B-4E62-AB01-546D6005FE97 = Enterprise trial D5595F62-449B-4061-B0B2-0CBAD410BB51 = Enterprise licensed B2C0B444-3914-4ACB-A0B8-7CF50A8F7AA0 = Standard trial 3FDFBCC8-B3E4-4482-91FA-122C6432805C = Standard licensed
microsoft.com/solutionaccelerators