During a short timeframe you will get a second shot for free on Microsoft cert. Take the chance and book a test before the offer ends. More information here.
Vista Beta 2 is now published, you can download it here
Yesterday there was a new KB publish
Billy Grind is administrator for a server named CONTOSOFILE01. Billy wants to get a e-mail if something happens with CONTOSOFILE01. This short instruction is based on a working MOM installation and that SMTP is already setup and working.
First we need to add Billy as a operator, we can do that under “Nofification” in Administrator Console
1. Right-click “Operators” and choose “Create Operator…”
2. Operator Properties – General” tab, input name of the operator, then click next
3. Operator Properties – Email, Mark “Email this operator”, input the operator e-mail , then click next
4. Operators Properties – Page, click next
5. Operators Properties – Command, click finish
Then we need to create a notification group where the new operator will be member
1. Right-click “Notification Groups” and choose “Create Notification Group…”
2. Input a name, for example fileserver administrators
3. Mark the operator you just created, and click left arrow, click finish
Then we need to create a new computer group where CONTOSOFILE will be member and a rule that will send e-mail to Billy Grind
1. First create a new computer group and include CONTOSOFILE01
2. Then create a new rule group
3. Right-click the new rule group, choose “Associate with Computer Group…” choose the computer you just created, then close that window
4. Right-click “Alert Rules” and choose “Create alert rule…”
5. Alert Rule Properties – Alert Criteria”, click next (there will be no criterias)
6. Alert Rule Properties – Schedule, click next7. Alert Rule Properties – Responses, choose add and then “Send a notification to a Notification group”, choose you new operators group and then click OK
8. Alert Rule Properties – Responses, click next
9. Alert Rule Properties – Knowledge Base, click next
10. Alert Rule Properties – General, input a name for your new rule, verify that “This rule is enable” is marked, then click finish.
Ok, now it’s done. Note that it can take some minutes before the new rule is active.
If you want to setup more criteria for e-mail notification I recommend you to install Notification Workflow. Another thing to thing about is which e-mail server you are running MOM alerts on, what happens if that mailserver goes offline? It could be a good ideas to install a extra SMTP server for MOM.
There is a large number of operations in SCOM 2007 for example close alerts, run scripts and change rules. All these operations have been group in different profiles. Every profile correspond to function or service. Below there is a explanation to every default role. A great news is that we finally got that true read-only operator role without multiple management groups.
This profile is used to give permissions to reports. SCOM 2007 have integrated SQL Reporting service security into SCOM 2007 security. Only members or the Report Operators role can read reports.
Report Security Administrator
This profiles is used between SQL Reporting services and SCOM 2007. The IIS application pool that run SQL Reporting Server is using this profile.
This profile is for persons who should only be enable to read alerts and views. What the persion can see is controlled by scope.
This profile is for persons that need access to alerts, views and to be enable to run tasks. This profile is the same as MOM User group in MOM 2005.
This profile is based on the operator profile, but this profile can also change a part of the configuration. Which part of the configuration is controlled by the running scope.
This profile is the same as the MOM Author group in MOM 2005. This profiles if for persons who will work with management packs and settings.
The Administrator profile is the most powerful profile. Administrators can do anything within the system. During the installation you will choose a group who will become SCOM 2007 Administrators. This profile is the same as MOM Administrators in MOM 2005.
Today System Center Operations Manager 2007 beta 2 was released. You can download it at Microsoft Connect. You can find FAQ about SCOM 2007 here I have installed SCOM 2007 in Hyper-V and some commentary is
- Require SQL 2005 with SP1
- During the installation you can choose a security group that will be SCOM administrators. Local administrators is no longer SCOM Administrators
- You can change the name of the database, default name is OperationsManager
- Administrator Console is gone. In SCOM 2007 all operations is done from the same console, Operator Console. What you see and can do is controlled by roles. There is seven roles in SCOM out-of-the box. Administrator is the highest role and read-only operator is the lowest. A read-only operator can only read alerts and look at views in operator console.
- MOM v3 Command Shell, a great way to operate SCOM
When you work with console scope in MOM 2005 you will soon notice that you can only add username to a scope, not groups. If you have a service desk with 50 persons it will be a lot of work to add them all. presumably there is already a security group named service desk in your organization and then you can use a tool named csutility.exe, included in MOM 2006 resource kit.I this example I have a security group named “Exchange Administrators”. All exchange administrators is member of that group. In MOM I have a console scope for them named “Exchange Administrators Scope”. When new exchange administrators is hired or quite they are added/removed to/from that group. After that group has been modify I run the following command
CSUTIL.EXE Synchronize "Exchange Administrators Scope" "DOMAIN\Exchange Administrators"
What will happened is that all members of “Exchange Administrators” will be added to the scope named “Exchange Administrators Scope”. If I have removed a user from Exchange Administrators it will be removed from the scope too. The scope is synchronized with the MOM scope.
This will save you a lot of time, because the security group is already in place.
To be enable to work with operators console your account has to be member of a MOM security group, MOM Users, MOM Administrators or MOM Authors. You account can be member of a another security group that is member of a MOM security group, group nesting. When you start operators console your permissions will be checked and if you have permission operators console will start.
You account is also bound to a console scope. Console scope is based on computer groups. Console scope control what you can see in the operators console. If a computer group is in your console scope you will enable to work with them in operators console. A account can be member of many console scopes.
Administrator, Operator and User console scope is created during installation and can work with all computer groups. You can modify them, but it is not recommended. If a client is member of for example MOM User security group and you add him/her to another console scope, the last added console scope will be the one he/she use.
In MOM 2005 permissions to console scope is based on username and domain, not SID as it use to be. This could give some funny results, for example:
If you have a client named Anton Berg (ANBE) and you add him to a console scope (scope1) and then he quite, his SID will be removed from all security groups in AD, but there will still be a DOMAIN\ANBE in the console scope. If you then hire a new guy named Antonio Beludas (ANBE) he will be enable to run scope1, because he and Anton Berg have the same DOMAIN and logonname, DOMAIN\ANBE.
Console Scope is used to filter computer groups in operators console. This is not a security boundary. If you need a security boundary you will have to deploy multiple management groups and then connect them to each other.
You do all console scope settings in MOM Administrator Console
MOM 2005 Administrator Console
-Micrsosoft Operations Manager
Index.dat is used by Internet Explorer to store webpages. When you visit a webpage Internet Explorer will save address, time, pictures, scripts, cookies and the contents of that webpage to your harddisk. The reason of this is to speed up your next visit on that webpage. Information about this files, cookies and where Internet Explorer have saved them is in index.dat.
In Internet Explorer you can delete a lot of the information that is stored in your computer. But you cant delete information in index.dat. For that reason it is easy for a person with the right tools to see which webpages you have visit and which files you have downloaded.
Index.dat is locked so even if you find it you can’t edit it. The easiest way to clear it is to use a tool.
Here are some tools that you can use
Privacy Guardian™ 4.0 for Windows
A common question is why MOM don’t generate an alert when diskspace is out. “Run Storage State Monitoring” is a script that among other things check free space. This script has a couple of parameters that will affect when an alert is generated. If we look in the Base OS MP guide we will find the following text:
Alerts are generated based on the values that are set for the free-space thresholds. Values below the established thresholds trigger alerts. However, alerts for non-system and system drives are generated only when the values for both the free space megabytes and the free space percentage are below the configured thresholds.
This means that both values have to be fulfilled before an alert is generated. Default threshold is 500Mb on non-system disks and less that 10% free space. If you have a disk at 1GB total space, that disk has to have less than 100Mb free space before an alert is generated.
A solution can be to setup free percent to 100% and then control the alert with free Mb. You always have less that 100% free disk. You can also setup free Mb to 9999999 and control the alert with free %.
You can change the parameters in Administrator Console
-Microsoft Operations Manager (MOM)
—-Microsoft Windows Storage State Monitoring Script