Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Protect, detect, and respond—Dataprise keeps your business secure.
Maximize uptime with with industry-leading DRaaS.
Swiftly mitigate cyber threats and restore security.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Empower Your Municipality with Secure, Reliable IT Services
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Grow through acquisition and partnership with Dataprise.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Explore our trusted partnerships with leading tech innovators.
Posts
By: Stephanie Hamrick
Table of content
Here’s how you can check what your SCCM admin is up to.
Open the ‘Monitoring’ tab in SCCM console and find ‘Administration Activity Log’
The next step is to run it and find that most likely the report is empty.
Gotcha!
Fear not, this is quite normal–despite the ‘Administrative Activity Log’ name, this report has almost nothing to do with administration as the purpose of it is to show changes in SCCM permissions within the console (and a few other uninteresting things).
An example of an action that appears in this report is any change to ‘Security Scopes.’ If your SCCM permissions are segmented for say ‘helpdesk scope’ and ‘admin scope,’ an admin making changes to ‘helpdesk’ IS going to log here.
The place we actually need to look at is ‘Monitoring’ -> ‘System Status’ –> ‘All Status Messages’
Running the report will show you all sorts of interesting info, such as who deleted a package. I just removed an old task sequence and sure enough this event is evident in the log within seconds.
‘All Status Messages’ is extremely chatty so if you are looking at filtering out this data more you can run ‘All Audit Status Messages for a Sepecific User’ instead.
In order to capture actions by All Admins you can use ‘All Audit Status Messages from a Specific Site’.
Three more useful reports, which I happen to run all the time, all relate to Packages, Programs, and Deployments: When getting a call from a customer, instead of going through the usual exchange of ‘did you change anything?’ my first step is to go right into the reporting and check what changes have been made, because of course there were changes.
All these reports work the same way: Specify time period and just run it.
Applications has a ‘Last Modified by’ feature visible in the interface even to the users without ‘Reporting’ or ‘Monitoring’ tabs in SCCM. This isn’t particularly useful for anything else other than making sure your Application has not been changed. Furthermore, all changes here are reflected in the logs we discussed previously.
There are many, many other ways to get this info and more of this sort of info, such as creating report subscriptions that can alert you via email every time a change such as the deletion or modification of a production package is made. All the ‘queries’ (these aren’t really reports) are items I happen to use on almost every engagement involving package / application / task sequence build.
JacobR, PEI
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.