Hi, I'm new to SCOM so please excuse me if I'm asking silly question. SCOM should send alerts to distribution list whenever a users is added/removed in to "Domain Admins", "Enterprise Admins", ... any Security Group and Any new machines joined to the domain. Can this be achieved using SCOM 2007 R2 ? How is the way forward... Thanks!

Hi If you want to do a lot of security monitoring \ alerts then take a look at Secure Vantage who have management packs around this. If you are just looking for a few events then take a look at writing your own with the help of these: http://blogs.technet.com/b/kevinholman/archive/2010/04/12/using-opsmgr-for-intrusion-detection-and-security-hardening.aspx http://social.technet.microsoft.com/wiki/contents/articles/how-to-get-operations-manager-2007-alerts-for-domain-group-membership-changes.aspx You basically need to find out the event id that windows generates and then create a rule that generates an alert when that event id occurs in the windows security log: http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/ Cheers GrahamView OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Hi, Here is an example about how to create alerts when users are added to Domain Admins: http://www.shockwave.me.uk/?p=91Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.