Welcome to! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft. has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP awarded 2007,2008,2009,2010

My Books
Service Manager Unleashed
Service Manager Unleashed
Orchestrator Unleashed
Orchestrator 2012 Unleashed
Inside the Microsoft Operations Management Suite

Microsoft Certified Professional

During a short timeframe you will get a second shot for free on Microsoft cert. Take the chance and book a test before the offer ends. More information here.

Vista Beta 2

Vista Beta 2 is now published, you can download it here


Yesterday there was a new KB publish

How to add space to the Microsoft Operations Manager OnePoint Database

Mail notification based on computer groups

Billy Grind is administrator for a server named CONTOSOFILE01. Billy wants to get a e-mail if something happens with CONTOSOFILE01. This short instruction is based on a working MOM installation and that SMTP is already setup and working.

First we need to add Billy as a operator, we can do that under “Nofification” in Administrator Console

1.       Right-click “Operators” and choose “Create Operator…”

2.       Operator Properties – General” tab, input name of the operator, then click next

3.       Operator Properties – Email, Mark “Email this operator”, input the operator e-mail , then click next

4.       Operators Properties – Page, click next

5.       Operators Properties – Command, click finish

Then we need to create a notification group where the new operator will be member

1.       Right-click “Notification Groups” and choose “Create Notification Group…”

2.       Input a name, for example fileserver administrators

3.       Mark the operator you just created, and click left arrow, click finish

Then we need to create a new computer group where CONTOSOFILE will be member and a rule that will send e-mail to Billy Grind

1.       First create a new computer group and include CONTOSOFILE01

2.       Then create a new rule group

3.       Right-click the new rule group, choose “Associate with Computer Group…” choose the computer you just created, then close that window

4.       Right-click “Alert Rules” and choose “Create alert rule…”

5.       Alert Rule Properties – Alert Criteria”, click next (there will be no criterias)

6.        Alert Rule Properties – Schedule, click next7.       Alert Rule Properties – Responses, choose add and then “Send a notification to a Notification group”, choose you new operators group and then click OK

8.       Alert Rule Properties – Responses, click next

9.       Alert Rule Properties – Knowledge Base, click next

10.   Alert Rule Properties – General, input a name for your new rule, verify that “This rule is enable” is marked, then click finish.

Ok, now it’s done. Note that it can take some minutes before the new rule is active.

If you want to setup more criteria for e-mail notification I recommend you to install Notification Workflow. Another thing to thing about is which e-mail server you are running MOM alerts on, what happens if  that mailserver goes offline? It could be a good ideas to install a extra SMTP server for MOM.


KB article,  “Failed to send SMTP message” error when MOM 2005 tries to send SMTP e-mail notification response”


Rolebased security

There is a large number of operations in SCOM 2007 for example close alerts, run scripts and change rules. All these operations have been group in different profiles.  Every profile correspond to function or service. Below there is a explanation to every default role. A great news is that we finally got that true read-only operator role without multiple management groups.

  • Report Operator
    This profile is used to give permissions to reports. SCOM 2007 have integrated SQL Reporting service security into SCOM 2007 security. Only members or the Report Operators role can read reports.
  • Report Security Administrator
    This profiles is used between SQL Reporting services and SCOM 2007. The IIS application pool that run SQL Reporting Server is using this profile.
  • Read-Only Operator
    This profile is for persons who should only be enable to read alerts and views. What the persion can see is controlled by scope.
  • Operator
    This profile is for persons that need access to alerts, views and to be enable to run tasks. This profile is the same as MOM User group in MOM 2005.
  • Advanced Operator
    This profile is based on the operator profile, but this profile can also change a part of the configuration. Which part of the configuration is controlled by the running scope.
  • Author
    This profile is the same as the MOM Author group in MOM 2005. This profiles if for persons who will work with management packs and settings.
  • Administrator
    The Administrator profile is the most powerful profile. Administrators can do anything within the system. During the installation you will choose a group who will become SCOM 2007 Administrators. This profile is the same as MOM Administrators in MOM 2005.

System Center Operations Manager 2007 Beta 2

Today System Center Operations Manager 2007 beta 2 was released. You can download it at Microsoft Connect. You can find FAQ about SCOM 2007 here I have installed SCOM 2007 in Hyper-V and some commentary is

  • Require SQL 2005 with SP1
  • During the installation you can choose a security group that will be SCOM administrators. Local administrators is no longer SCOM Administrators
  • You can change the name of the database, default name is OperationsManager
  • Administrator Console is gone. In SCOM 2007 all operations is done from the same console, Operator Console. What you see and can do is controlled by roles. There is seven roles in SCOM out-of-the box. Administrator is the highest role and read-only operator is the lowest. A read-only operator can only read alerts and look at views in operator console.
  • MOM v3 Command Shell, a great way to operate SCOM




When you work with console scope in MOM 2005 you will soon notice that you can only add username to a scope, not groups. If you have a service desk with 50 persons  it will be a lot of work to add them all. presumably there is already a security group named service desk in your organization and then you can use a tool named csutility.exe, included in MOM 2006 resource kit.I this example I have  a security group named “Exchange Administrators”. All exchange administrators is member of that group. In MOM I have a console scope for them named “Exchange Administrators Scope”. When new exchange administrators is hired or quite they are added/removed to/from that group. After that group has been modify I run the following command

CSUTIL.EXE Synchronize "Exchange Administrators Scope" "DOMAIN\Exchange Administrators"

What will happened is that all members of “Exchange Administrators” will be added to the scope named “Exchange Administrators Scope”. If I have removed a user from Exchange Administrators it will be removed from the scope too. The scope is synchronized with the MOM scope.

This will save you a lot of time, because the security group is already in place.


MOM 2005 Resource Kit


Console Scope

To be enable to work with operators console your account has to be member of a MOM security group, MOM Users, MOM Administrators or MOM Authors. You account can be member of a another security group that is member of a MOM security group, group nesting. When you start operators console your permissions will be checked and if you have permission operators console will start.

You account is also bound to a console scope. Console scope is based on computer groups. Console scope control what you can see in the operators console. If a computer group is in your console scope you will enable to work with them in operators console. A account can be member of many console scopes.

Administrator, Operator and User console scope is created during installation and can work with all computer groups. You can modify them, but it is not recommended. If a client is member of for example MOM User security group and you add him/her to another console scope, the last added console scope will be the one he/she use.

In MOM 2005 permissions to console scope is based on username and domain, not SID as it use to be. This could give some funny results, for example:

If you have a client named Anton Berg (ANBE) and you add him to a console scope (scope1) and then he quite, his SID will be removed from all security groups in AD, but there will still be a DOMAIN\ANBE in the console scope. If you then hire a new guy named Antonio Beludas (ANBE) he will be enable to run scope1, because he and Anton Berg have the same DOMAIN and logonname, DOMAIN\ANBE.

Console Scope is used to filter computer groups in operators console. This is not a security boundary. If you need a security boundary you will have to deploy multiple management groups and then connect them to each other.

You do all console scope settings in MOM Administrator Console
MOM 2005 Administrator Console
-Micrsosoft Operations Manager
—Console Scopes

What is index.dat?

Index.dat is used by Internet Explorer to store webpages. When you visit a webpage Internet Explorer will save address, time, pictures, scripts, cookies and the contents of that webpage to your harddisk. The reason of this is to speed up your next visit on that webpage. Information about this files, cookies and where Internet Explorer have saved them is in index.dat.

In Internet Explorer you can delete a lot of the information that is stored in your computer. But you cant delete information in index.dat. For that reason it is easy for a person with the right tools to see which webpages you have visit and which files you have downloaded.

Index.dat is locked so even if you find it you can’t edit it. The easiest way to clear it is to use a tool.
Here are some tools that you can use

Privacy Guardian™ 4.0 for Windows

Super Winspy



A common question is why MOM don’t generate an alert when diskspace is out. “Run Storage State Monitoring” is a script that among other things check free space. This script has a couple of parameters that will affect when an alert is generated. If we look in the Base OS MP guide we will find the following text:

Alerts are generated based on the values that are set for the free-space thresholds. Values below the established thresholds trigger alerts. However, alerts for non-system and system drives are generated only when the values for both the free space megabytes and the free space percentage are below the configured thresholds.

This means that both values have to be fulfilled before an alert is generated. Default threshold is 500Mb on non-system disks and less that 10% free space. If you have a disk at 1GB total space, that disk has to have less than 100Mb free space before an alert is generated.

A solution can be to setup free percent to 100% and then control the alert with free Mb. You always  have less that 100% free disk. You can also setup free Mb to 9999999 and control the alert with free %.

You can change the parameters in Administrator Console
-Microsoft Operations Manager (MOM)
–Management Packs
—-Microsoft Windows Storage State Monitoring Script