Home » 2010 » January

Monthly Archives: January 2010

Target IT Announcement to a group of users in Service Manager

January 31, 2010 / 9 Comments on Target IT Announcement to a group of users in Service Manager

This week I have done some tests with IT announcements in Service Manager 2010. What I wanted to do was to target a IT announcements to a group of users and another announcements to another group of users. This can be done, but includes a number of steps and some XML coding. These are the general steps

  1. Extend the announcement class with a new property
  2. Sort your announcements in different categories with the new property
  3. Include you different announcement categories in dynamic groups
  4. Create new security user roles for your end users, one role for each target group of users

Travis has a good post about extending classes. In this example I extend the announcement class and adds a property named “group”.

Service Manager is using a standard form when creating new announcements in the console. That is default, if not form is target it will use a default form and show you all properties for the class. So In this scenario you dont need to customize the form. As soon as you import the management pack with the extension, and creates a new announcement the new property is in the form.

Next step is to sort your announcements. There is a number of ways to do it but one example could be that your company contains of four departments and that you want to base announcements on departments. You assign each department a number and then one for all departments, for example 

  1. IT
  2. HR
  3. Manufacturing
  4. Development
  5. All departments

Now open all your announcements and configure them with the correct announcements target number (department number) in the group field. After that we need to create groups that contains the correct announcements. We will use the groups in security user roles to control who will see which announcement. Create one group for each department, for example for the HR department

  • Group Name: Contoso – Announcement – 2 HR
  • Management Pack: Contoso Announcement Extension
  • Dynamic Members: [Contoso.Announcement.ExtensionClass] Assigned to group equals 2 OR  [Contoso.Announcement.ExtensionClass] Assigned to group equals 5

We will need to include 5 in each group as we want all departments get announcement target to 5 – ALL. There is a “View group members” task that you can use to verify that you have the correct annoncements in each group. Remember to save your groups in the customization management pack you imported.

 

Next step is to configure user roles. With default settings all authenticated users can read all IT announcements. Start by removing authenticated users from the default end-user user security role. Then create a new advanced operator user security role for each department. For example for HR

  • General, Name: Contoso – Advanced Operator – HR
  • Management Packs: Select All
  • Queues: select provide access to only the selected queues and don’t select any
  • Groups: Select the Contoso – Announcements – 2 HR group
  • Tasks: select provide access to only the selected tasks and don’t select any
  • Views: select provide access to only the selected views and dont select any
  • Form Templates: All forms can be accessed
  • Users: Select your HR users
  • Summary: Click Create and close the wizard

If you now log-on to the self service portal as a user from the HR department you will only see announcements target to ALL (5) and HR (2). If you include that use in the default end-user security user role it will see all announcements again, even if it is still in the restricted HR security user role. If a user in one of the new advanced operator roles open the Service Manager console they will see the work items, Library and Configuration Items (DW not installed) workspaces including sub views. But there is no information anywhere in the console, for example they will not see any incidents and no computers.

Microsoft TechDays 2010

January 31, 2010 / Leave a comment

I will deliver a sessions at TechDays 2010 in Örebro/Sweden. My session “Operations Manager 2007 R2 tips and trix” is a level 400 session with a lot of good tips from the field. I will show a number of custom solutions and solutions to problems I often see at customers.

I will also spend time in the exhibit area as my employer Atea is the main sponsor for the event, so stop by and say hi. See you in Örebro!

 

More info about the event here

Related dates in Service Manager views

January 27, 2010 / Leave a comment

My collegue Patrik and I is playing with Service Manager in the sandbox today. We just notice a nice feature when creating views. You can create them based on related dates. For example if you want to show all items modified the last week you could configure the view according to the picture below.

Auditing files in Windows with ACS

January 18, 2010 / 7 Comments on Auditing files in Windows with ACS

I have been doing some tests for file auditing with Audit Collection Services (ACS). Unfortunately Windows file auditing doesn´t really generate informative logs. It is most often the same event ID and the event description is very technical. I did some file operations and reviewed all events in the security event log. I think I have found a way to almost sort all the different file operations in different ACS reports. The first thing you need to do is enable auditing in both a policy and on the folder. I have used the built-in Microsoft Report Builder to create my new ACS reports. You can read more about creating ACS reports here. I have built four reports. You could merge them into one and you can add/remove any parameter you want. It could be nice with relative dates and an input field for user name and object name. One of the first thing I did was match ACS report parameters with parameters in security events, below is the result from that exercise

  • String01 – Object Type
  • String02 – Object Name
  • String03 – Process ID
  • String04 – Process Name
  • String05 – Accesses
  • String06 – Object Server
  • String07 – Handle ID
  • String08 – Transaction ID
  • String09 – Access Mask
  • String10 – Privileges Used for Access Check
  • String11 – Restricted SID Count

For the four reports I use the following filter

  • Contoso – File – Created Files
    • Event ID equals 4656
      • String 09 equals 0x6019f
      • or
      • String 09 equals 0x16019f
  • Contoso – File – Delete
    • Event ID equals 4663
    • String 05 contains DELETE
  • Contoso – File – Modified Files
    • Event ID 4656
      • String 09 equals 0x2019f
      • or
      • String 09 equals 0x12019f
  • Contoso – File – Open/Read Files
    • Event ID equals 4656
      • String 09 equals 0x120089
      • or
      • String 09 equals 0x20089

Summary: You read the step by step guide about ACS reports in my ACS report post and you apply the filter is this post.

Infrastructure Planning and Design Guide Series

January 10, 2010 / Leave a comment

I want to tip you about a serie of documents that I often use in System Center projects.

The Infrastructure Planning and Design (IPD) series provides guidance for Microsoft infrastructure products. The series is a collection of documents that leads the reader through a sequence of core decision points to design an infrastructure for Microsoft products. It also provides a means to validate design decisions with the business to ensure that the solution meets the requirements for both business and infrastructure stakeholders.

The IPD documents are designed to be used by the following IT personnel:

  • Infrastructure planners and architects who have a firm operational grasp of the technology.
  • Partners and consultants who design infrastructure solutions.
  • Business managers who want to understand how the technology decisions being made both support and affect the business.

You will find the documents here