This topic contains security and privacy information for software metering in System Center 2012 Configuration Manager.

Security Best Practices for Software Metering

There are currently no security-related best practices for software metering.

Security Issues for Software Metering

An attacker could send invalid software metering information to Configuration Manager, which will be accepted by the management point even when the software metering client setting is disabled. This might result in a large number of metering rules that are replicated throughout the hierarchy, causing a denial of service on the network and to Configuration Manager site servers.

Because an attacker can create invalid software metering data, do not consider software metering information to be authoritative.

Software metering is enabled by default as a client setting.

Privacy Information for Software Metering

Software metering monitors the usage of applications on client computers. Software metering is enabled by default. You must configure which applications to meter. Metering information is stored in the Configuration Manager database. The information is encrypted during transfer to a management point but it is not stored in encrypted form in the Configuration Manager database.

This information is retained in the database until it is deleted by the site maintenance tasks Delete Aged Software Metering Data (every five days) and Delete Aged Software Metering Summary Data (every 270 days). You can configure the deletion interval. Metering information is not sent to Microsoft.

Some additional metering information is collected through hardware inventory. For more information, see Security and Privacy for Hardware Inventory in Configuration Manager.

Before you configure software metering, consider your privacy requirements.

See Also