BeYourself different approach

Windows 2003 EOL Tech Brief: Who’s using that legacy app?

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
Dave Refault

INTRODUCTION:

When undertaking your Windows 2003 End of Life decommissioning process it’s the old rule of 90% preparation and 10% migration effort.  One of the more lengthy investigations we’ve found is determining application usage.    You will likely discover multiple applications that your client relies on and some of them could be many years out of date.

Consultant

Determining the users of these applications can be tricky, as there are potentially multiple ways to do so:-

  1.        Interview the app owner / end-users
  2.        Use Asset / System Management toolsets and query the data.
  3.        Scripting.

BODY:

Interviewing the users most likely won’t provide the results you are seeking as it will depend on user cooperation and accuracy.  These things can vary wildly.   This process is also very time consuming depending on availability and location.  As you are likely on a time limited project – this isn’t a practical approach.

Asset Management tools are perfect for this type of work as they can provide detailed information about your client software estate.   You can then easily determine the frequency of application usage and who the users are.   This will allow you to shape your communication appropriate and schedule the migration of the application and data.  Unfortunately Asset Management tools are generally quite expensive and many organisation simply choose to do one of scans as apart of Professional Services in order to satisfy licencing agreements rather than maintain an up to date record of software.

Another option is using the tools available to you, and in this case – scripting.   There are handy Powershell commands that will scan the Security log and extract the user information based on when they accessed the application executable.    

You must turn on auditing on the application EXE in order for this to work:-

Windows_Server_2003_App_Auditing

This will then record events to the Security log when the application is accessed.   Crucially the user information is also recorded.   It is best to leave a week or so between setting the auditing and analysing the logs so that you can be sure to have gathered enough statistics.

You can then use Powershell to query the Security log (remotely) and extract the information you need.  An example script would look like this:-

$Server='yourservername'
$apppath='fully-qualified-path-to-the-application-EXE'

Get-EventLog security -Computername $Server |
Where-Object {$_.EventID -eq 560} | 

Foreach-Object {
            If ($_.ReplacementStrings[2] -eq $apppath)
                {
                    Write-Host $("Adding user:" + $_.ReplacementStrings[12] + "\" + $_.ReplacementStrings[11])

                    $Users = $_.ReplacementStrings[12] + "\" + $_.ReplacementStrings[11]
                 }
                }
$Users | Select-Object -Unique


CONCLUSION:

This will output a list of users that have accessed the application.   If need be you can export the results to a CSV for further investigation.  You can then make a case to the business to decide whether the application can be retired or migrated.

That’s it for now, check back soon or subscribe for more Windows 2003 End of Life decommissioning tips.



 

More Posts

M&A Scorecard