Trace Changes in SCCM via Audit Messages

Photo credit: Disney Animation

Who deleted the Collection? Who Modified the Collection? Who Deployed the application? SCCM Audit Reports?

The SCCM Audit Status messages will help you get answers for most of the accidental issues happen in SCCM environment. In this video, we will see how to trace who deleted or modified or changed SCCM Settings.

1 How to Trace SCCM Deletions

Who deleted the SCCM collection?
Who Deleted the packages?
Who Created the application?
Who Modified the Collections?
Who created/deleted Azure Services? 
Who Approved the Script?
Who started the download of updates and Servicing package?
Who deleted the collection?, Who removed the member of a collection?, Who modified the collection query?
Who deployed/deleted application or package or Task Sequence?
Who removed/modified the Boundary or Boundary Group?
Who installed/deleted site system server roles?
Who changed/deleted the client settings?
Who took the remote control of the machine?

2 SCCM Audit Status messages

The above video tutorial will provide more details about the details of audit messages. How many default audit reports are available in SCCM? How many SCCM audit status messages are stored in SCCM etc.

3 SCCM Administrative Security

The following six reports are listed under the Administrative Security category.

Report name Description ( SCCM audit ) Administration activity log – Displays a record of administrative changes made for administrative users, security roles, security scopes, and collections.

Administrative users security assignments Displays administrative users, their associated security roles, and the security scopes associated with each security role for each user.

Objects secured by a single security scope Displays objects that an administrator assigned to only the specified security scope. This report does not display objects that an administrator associates with more than one security scope.

Security for a specific or multiple Configuration Manager objects Displays securable objects, the security scopes associated with the objects, and which administrative users have rights to the objects.  SCCM audit reports.

Security roles summary Displays security roles and the Configuration Manager administrators associated with each role.

SCCM audit : Security scopes summary Displays security scopes and the Configuration Manager administrative users and security groups associated with each scope.

Resources

Latest SCCM Related Posts – https://howtomanagedevices.com/sccm/

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More