Trace Changes in SCCM via Audit Messages

Who deleted the Collection? Who Modified the Collection? Who Deployed the application? SCCM Audit Reports?

The SCCM Audit Status messages will help you get answers for most of the accidental issues that happen in the SCCM environment. In this video, we will see how to trace who deleted or modified, or changed SCCM Settings.

SCCM Audit Status Messages Track Who Deleted Modified Changed Settings

How to Trace SCCM Deletions

SCCM Audit Status messages

The above video tutorial will provide more details about the details audit messages. How many default audit reports are available in SCCM? How many SCCM audit status messages are stored in SCCM etc.

SCCM Audit Trace Changes in SCCM via Audit Messages
Trace Changes in SCCM via Audit Messages

Report name Description ( SCCM audit ) Administration activity log – Displays a record of administrative changes made for administrative users, security roles, security scopes, and collections.

Administrative user’s security assignments Display administrative users, their associated security roles, and the security scopes associated with each security role for each user.

Objects secured by a single security scope Displays objects that an administrator assigned to only the specified security scope. This report does not display objects that an administrator associates with more than one security scope.

Security for a specific or multiple Configuration Manager objects Displays securable objects, the security scopes associated with the objects, and which administrative users have rights to the objects.  SCCM audit reports.

Security roles summary Displays security roles and the Configuration Manager administrators associated with each role.

SCCM audit: Security scopes summary Displays security scopes and the Configuration Manager administrative users and security groups associated with each scope.


Latest SCCM Related Posts –

Leave a Comment