Active Directory security monitoring alerts
Hi,
I'm new to SCOM, so please excuse me if I'm asking a silly question.
SCOM should send alerts to a distribution list whenever a user is added to or removed from "Domain Admins", "Enterprise Admins", ... any security group, and whenever any new machines are joined to the domain.
Can this be achieved using SCOM 2007 R2? What is the way forward?
Thanks!
June 21st, 2011 4:33pm
Hi
If you want to do a lot of security monitoring \ alerts, then take a look at Secure Vantage, who have management packs around this.
If you are just looking for a few events then take a look at writing your own with the help of these:
http://blogs.technet.com/b/kevinholman/archive/2010/04/12/using-opsmgr-for-intrusion-detection-and-security-hardening.aspx
http://social.technet.microsoft.com/wiki/contents/articles/how-to-get-operations-manager-2007-alerts-for-domain-group-membership-changes.aspx
You basically need to find out the event ID that Windows generates and then create a rule that generates an alert when that event ID occurs in the Windows security log:
http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/
Cheers
Graham
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
June 21st, 2011 5:12pm
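The matching logic behind the approach in the reply above (find the event ID, alert when it appears in the Security log), as an added example that is not part of the original thread and not SCOM's own rule format. It assumes the Windows Server 2008-and-later event IDs, which the thread does not list; the sample events, account names and the `alert_for` and `sample_event` helpers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Security-log event IDs on Windows Server 2008 and later (assumption: not given in the thread).
GROUP_EVENTS = {
    4728: "added to global group", 4729: "removed from global group",
    4732: "added to local group", 4733: "removed from local group",
    4756: "added to universal group", 4757: "removed from universal group",
}
COMPUTER_CREATED = 4741  # computer account created, e.g. a machine joining the domain
WATCHED_GROUPS = {"domain admins", "enterprise admins"}  # groups named in the question

def parse_event(xml_text):
    """Return (event_id, {field: value}) from one event in Windows event XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def alert_for(xml_text, watched=WATCHED_GROUPS):
    """Return alert text for a matching event, else None. watched=None means any group."""
    event_id, d = parse_event(xml_text)
    actor = f'{d.get("SubjectDomainName", "?")}\\{d.get("SubjectUserName", "?")}'
    if event_id == COMPUTER_CREATED:
        return f'Computer account {d.get("TargetUserName")} created by {actor}'
    group = d.get("TargetUserName", "")  # in group events this field holds the group name
    if event_id in GROUP_EVENTS and (watched is None or group.lower() in watched):
        return f'{d.get("MemberName")} {GROUP_EVENTS[event_id]} "{group}" by {actor}'
    return None

def sample_event(event_id, **fields):
    """Build a constructed event in the Windows event XML layout (hypothetical helper)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Channel>Security</Channel></System><EventData>{data}</EventData></Event>')

WHO = {"SubjectUserName": "admin1", "SubjectDomainName": "EXAMPLE"}  # constructed actor
SAMPLES = [  # constructed events, not real log data
    sample_event(4728, TargetUserName="Domain Admins",
                 MemberName="CN=Test User,CN=Users,DC=example,DC=test", **WHO),
    sample_event(4728, TargetUserName="Helpdesk",
                 MemberName="CN=Test User,CN=Users,DC=example,DC=test", **WHO),
    sample_event(4741, TargetUserName="WKSTN042$", **WHO),
    sample_event(4624, TargetUserName="user1"),  # ordinary logon: must not alert
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(alert_for(xml_text))
```

Passing `watched=None` covers the "any Security Group" case from the question; Windows Server 2003 domain controllers log different event IDs for the same actions.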
Hi,
Here is an example about how to create alerts when users are added to Domain Admins:
http://www.shockwave.me.uk/?p=91
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 22nd, 2011 4:17am