Platform
- Platform
- Platform Overview
  All Technology Asset Intelligence in 1 place.
- Asset Discovery
  In-depth discovery across the technology estate.
- Asset Inventory
  All asset data unified in one place.
- Asset Analytics
  Empower your decision-making with trusted data.
TRY NOW
Why Lansweeper?
- Why Lansweeper?
- Why Lansweeper?
  Lansweeper helps you to minimize risks and optimize your IT by providing actionable insight into your entire technology estate.
- By Role
  Complete visibility for everyone.
  For System Administrators For IT Managers For C-suite For Cybersecurity Teams For IT Support For MSPs
- By Use Case
  Fuel any IT scenario.
  Discover & Inventory My IT Assets OT Asset Management Replace Inventory Spreadsheets Enhance Cybersecurity Improve CMDB Data Quality Achieve Service Desk Excellence
- By Industry
  Flexibility for your industry.
  Education Healthcare Manufacturing Public Sector
TRY NOW
Integrations
Partners
- Partners
- Partner Ecosystem
  Leverage the power of our data to accelerate growth.
- MSP
  Exceed customer expectations with data-driven managed services.
- ISV Technology Partners
  Integrate or embed our technology to build smarter solutions.
- Channel Partners
  Whether you service, distribute, consult, or resell – we have partner programs to help you grow.
- Find a partner
  Find a trusted Lansweeper certified partner.
TRY NOW
Pricing
Resources
- Resources
- Resources
  Browse resources tailored to your needs.
- Blog
  Discover the latest product news, pro tips, and more.
- Support Help Center
  Need help? Browse extensive resources.
- Success Stories
- Ebooks & White Papers
  Detailed documents you can download for free.
- Webinars & Events
  Register for live or virtual events.
- Report Library
  Browse our extensive audit report library.
- Community
  Start a conversation with your peers.
- Developer Portal
TRY NOW

TRY NOW

Pro Tips

Software Usage Metering

4 min. read

29/09/2023

By Esben Dochy

Pro Tips with Esben #46

One thing Jacob, our new Cost and efficiency Evangelist, brought to my attention is that there are quite a number of people who would like to see Lansweeper do scanning software usage or software metering. Lansweeper doesn’t offer this functionality, but this month, we’ll explore what you can do to see if specific software is being used.

Lansweeper has multiple tools that can be used to discover information about software. Obviously, it scans all of the software installed on your devices, which is the basis of this whole endeavor. Additionally, there are more advanced scanning options like registry scanning and file property scanning, and even event log scanning.

Prerequisites and Best Practices

After quite some brainstorming with Jacob, we went over a number of options ranging from using file property scanning to custom PowerShell scripts. Eventually, we discovered that there is no perfect solution as some options we explored either flat out didn’t work, and others were never 100% accurate. Eventually, we settled on using the event log. It seems to be the best method of capturing software usage accurately, at the potential cost of being less optimal for very large environments. Using the event 4688(S) we can see exactly when a process is created. This information in the event log gives us a lot of possibilities for reporting later on.

Scan Success Audit Events

However, this does introduce some prerequisites and best practices. First, you’ll need to enable “success audit events” scanning in the server options.

success event log scanning.png

Event Log Scanning Best Practises

Scanning event log data, especially with thousands of machines can be very data-intensive and resource-intensive. You’re pulling in a lot of data. To help you manage this, here are a couple of tips.

Scanned Item Interval

The scanned item interval lets you configure how frequently items get rescanned by scanning targets. The number represents how many days Lansweeper will wait before rescanning that data. A 0 means the data is refreshed during every scan. I would highly recommend changing the interval to something higher unless you have a specific reason why you need eventlog data rescanned all the time. Doing this will significantly improve scanning performance.

History Cleanup Options

In the server options, you’ll be able to find History Cleanup Options. By default, eventlog data is only deleted after 60 days. I would recommend lowering this as much as you can depending on your usage. It will significantly reduce your Lansweeper database usage and could also improve the performance of Lansweeper in general.

Logging Software Usage

After quite some brainstorming, using the event log seems to be the best method of capturing software usage. Using the event 4688(S) we can see exactly when a process is created. This information in the event log gives us a lot of possibilities for reporting later on.

But first, let’s quickly run through how to enable the logging, as the event will not log all process creations by default. Obviously, if you want to enable this for many devices, a GPO is the easiest method.

Open the Local Security Policy Editor:
- Press Windows + R to open the Run dialog.
- Type secpol.msc and press Enter.
Navigate to Advanced Audit Policies:
- In the left pane of the Local Security Policy window, expand “Advanced Audit Policy Configuration.”
- Click on “Detailed Tracking” to select it.
Enable Audit Process Creation:
- In the right pane, you’ll see various audit policies. Locate and double-click on “Audit Process Creation.”
Configure the Audit Policy:
- In the “Audit Process Creation Properties” window, select the “Define these policy settings” checkbox.
- Choose “Success” to log successful process creations.

local policy editor

Reporting Software Usage

Once you have the data, it’s time to do some reporting. While the reports below can be used as they are, you can also use them as a template to do whatever you want with the data.

Process Creation

This first report is simply a list of all of the audit process creation events for the software “zoom.exe”

Run the Audit Process Creation Event Audit

Software Usage Chart

This report gives you a chart of all the zoom.exe process creation events per day, in the last 14 days.

Use the Software Usage Chart

Software Usage

This report is a slight adaptation of the chart report to also show the date of when the instances took place. This lets you see for each device how many times and on which days the zoom.exe process was created.

Run the Software Usage Audit

STAY UPDATED

Stay updated with Lansweeper by signing up for our newsletter.

"*" indicates required fields

Email*

Hidden

EmailType

Hidden

IM – Conv Page – Processing

Hidden

IM – UTM_Campaign FC – Processing

Hidden

IM – UTM_Campaign LC – Processing

Hidden

IM – UTM_Content FC – Processing

Hidden

IM – UTM_Content LC – Processing

Hidden

IM – UTM_Medium FC – Processing

Hidden

IM – UTM_Medium LC – Processing

Hidden

IM – UTM_Source FC – Processing

Hidden

IM – UTM_Source LC – Processing

Hidden

IM – UTM_Term FC – Processing

Hidden

IM – UTM_Term LC – Processing

Hidden

gclid

Hidden

msclkid

Email

This field is for validation purposes and should be left unchanged.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.

TRY NOW TALK TO SALES