enable audit collection on opsmgr agents

2 minute read

Depending on your auditing needs, you might have several hundred to thousands of computers from which you want to collect audit events. By default, the service needed for an agent to be an Audit Collection Services (ACS) forwarder is installed but not enabled when the Operations Manager agent is installed. After you install the ACS collector and database you can then remotely enable this service on multiple agents through the Operations Manager console by running the Enable Audit Collection task.

This procedure should be run after the ACS collector and database are installed and can only be run against computers that already have the Operations Manager agent installed. In addition, the user account that runs this task must belong to the local Administrators group on each agent computer.

To enable audit collection on Operations Manager 2007 agents

  1. Log on to the computer with an account that is a member of the Operations Manager Administrators role for your Operations Manager 2007 Management Group. This account must also have the rights of a local administrator on each agent computer that you want to enable as an ACS forwarder.

  2. In the Operations Console, click the Monitoring button.


When you run the Operations Console on a computer that is not a Management Server, the Connect To Server dialog box displays. In the Server name text box, type the name of the Operations Manager 2007 Management Server that you want the Operations Console to connect to.

  1. In the Monitoring pane, expand Operations Manager, expand Agent, and then click Agent Health State. This view has two panes, and the actions in this procedure are performed in the right pane.


  1. In the details pane, click all agents that you want to enable as ACS forwarders. You can make multiple selections by pressing CTRL or SHIFT.

  2. In the Actions pane, under Health Service Tasks, click Enable Audit Collection. The Run Task – Enable Audit Collection dialog box displays.


  1. In the Task Parameters section, click Override. The Override Task Parameters dialog box displays.

  2. In the Override the task parameters with the new values section, click the CollectorServer parameter; in the New Value column, type the FQDN of the ACS collector; and then click Override.


  1. In the Task credentials section, click Other. In the User Name box, type the name of a user account that belongs to the local Administrators group on the agent computers. In the Password box, type the password for this user account. Click to expand the Domain drop-down list to view the available domains, and then click the domain of the user account.

  2. Click Run Task. The Task Status dialog box displays tracking the progress of the task.


  1. When the task completes successfully, click Close

Watch for this event on your forwarder:



Wait a few minutes and your ready to collect your auditing events!



Alexandre verkinderen



Tags van Technorati: ,,,

Leave a comment