Report for all administrative actions
It would be nice to have a report to list all administrative actions performed by admins in a CM site. A report similar to "Administration activity log", but not limited to changes in the administrative roles section.
Bob Brendemuehl commented
Whenever a user deletes a status message, there is no record of this within SCCM (SMSProv.log file gets overwritten fairly quickly). I would like to see a new audit status message get created, whenever a status message gets deleted (showing who deleted the status message). This will leave some sort of trace whenever someone deletes a status message.
Based on observation, there does not appear to be Audit logging for changes to cloud services from the MEMCM console. For example, a change was made to firewall and virtual networks but the activity log and Status Messages Queries did not reveal any data about the change.
It would be helpful to know what and when changes were made along with who made them and possibly a section the person who made the change can add a note.
**Attaching a screen of a change that was made without logging.**
Matthew Currie commented
We need an easily to view change log, to monitor who and when items were changes in SCCM.
Eric Hebert commented
A column in every single pane needs to be added for 'Created by'. Some of us have 50+ admins across several orgs using the same MP and infrastructure. Trying to figure out who created a Task Sequence or OS image, for instance, is a nightmare. Trying to enforce an object naming convention is a first step, but you can't make people do it - I can however, see your username and yell at you.
Chris Ward commented
I would like to request that Microsoft add a section in the console, it could be under monitoring, where it shows what actions any of the users that use the console have done. The reason I am requesting this is because we have had problems with users of the console doing applications deployments to device collection that they should of not have done. I need hard evidence from configuration manager that points to the specific user and what actions they did before I can take it up the chain of command.
Patrick Davis commented
The inability to know exactly what changes were made (and by whom) in a task sequence is a significant pain point. Something close what AGPM provides for group policies would be ideal, but even basic auditing capabilities as a starting point would help tremendously.
Nectarios Gritzalis commented
Currently when disabling/modifying the Auditing Status Message filter rules such as "Write audit messages to the site database and specify the period after which the user can delete the messages.", a very generic message is posted to the Status Message log which is the exact same message for any change to any of the Status Message Filter Rules.
It would be more useful, especially "Audit" related filter rule changes, that the specific filter rule changed is specified in the status message, and a not just a generic message.
This will help better in monitoring a auditing hole where, in theory, SCCM audit logging could be disabled, and actions taken in the environment without then being audited.
isn't this what you have with the audit status message query ?
Store "created by" and "modified by" for any object in the console. It is often very helpful, to find out who created a collection, task sequence, package, boundary group, ... and who did the last change. For Application we have that already. For others we currently can only find out by Audit Status messages for the last 180 days.
Dustin Hedges commented
The idea around this is to capture "what was changed" for things such as Updating Package/Deployment Type Content, Changing Application Metadata, Changing CI/Baselines.
The commit description would then also be added into the Revision History so if you had to roll back (or were nosey and wanted to see what was going on) you could look at the revision notes to see what was changed, and who changed it.
The ability to toggle this on/off should be available since not everyone will want this (especially for labs).