Thursday, July 26, 2012

Auditing Group Policy change

For the Active Directory admins and security minded folks the Advanced Group Policy Management (AGPM) tool is great for managing change.  What SCOM does well is alert but not necessarily does it do all things out of the box even with the Group Policy Management Pack.  
Say you want to know when a GPO is:
1) Created
2) Deleted
3) Modified
4) Permissions changed
5) Linked
Here is a great blog post (wrote to enable auditing for Group Policy change for the AD and SYSVOL.  Once this is in place just create an rule to filter on events event 5136 or event 5137 if using Windows Server 2008 or above.


http://blogs.msdn.com/b/canberrapfe/archive/2012/05/02/auditing-group-policy-changes.aspx

Tuesday, July 17, 2012

Active Directory Management Pack (OOMADs.msi)

Hi folks, this will be short.  When installing the AD Management pack, please remember to open up the properties for the Agent which the DC is installed and check "Allow this agent to act as a proxy and discover managed objects on other computers."   ALSO, please install the "OOMADs.msi" locally on the DC. What is this?  This is the Active Directory Management Helper Object.   It's not well mentioned in documentation I have read up on.  

Apparently the "AD Database and Log : The script ‘AD Database and Log’ failed to create object ‘McActiveDir.ActiveDirectory’.
The error returned was: ‘ActiveX component can’t create object’ (0x1AD)" 


error is a result of not having this component installed (credit to Graham for this bit of info). "The file which is installed automatically on a push install via a Management Server can be copied and manually installed from the OpsMgr software … there is a HelpObjects folder where ooMADS.msi can be run from."


The component also fixes some Gateway issues.  Cheers.

Thursday, July 12, 2012

SCOM Company Knowledge

Having trouble attempting to edit Company Knowledge for a monitor?



 Sometimes the Product Knowledge for a SCOM alert is not too informative.





Here's what you will need to do.    Install the following on a Operations Console 
1) Install 2003 Office Web Components
2) Install Office 2003 Word
3) Install Office 2003 Primary Interop Assemblies
4) Install Visual Studio Tools for Office 2005 








Here's a question for Microsoft.  Why in 2012 are parts of Office 2003 components required for a product released in 2012?  No biggie but really?  ಠ_ಠ