Solved

Windows Server config change monitoring

Posted on 2013-12-11
7
290 Views
Last Modified: 2013-12-18
Need help with a project.
Using SCOM, check and keep track of file servers changes and send alerts.
0
Comment
Question by:zman2013
7 Comments
 
LVL 19

Assisted Solution

by:jss1199
jss1199 earned 250 total points
ID: 39712030
That is a broad subject - any specific changes?  SCOM is not meant to perform full configuration management and change tracking, but rather to monitor systems for known conditions.  To do what you seem to be asking, you would need to create a monitor and rule for every potential change to the file system, registry, etc.

Your best bet is to use the companion System Center product SCCM to create configuration baselines, so you can then report (and alert) where your configuration has drifted.
0
 

Author Comment

by:zman2013
ID: 39712133
Steps are to create separate profile for individual servers and run a script to match the config everyday.  Send alert if there is a change?
0
 
LVL 8

Assisted Solution

by:Leon Taljaard
Leon Taljaard earned 250 total points
ID: 39712414
Hi

You could also look at implementing SCOM ACS which is an auditing addition to SCOM that can track, alert and report on changes, especially file servers, like privilege use, object access and things like that.

So meaning something like when you enable auditing via GPO in local security policy.

Thanks
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 19

Assisted Solution

by:jss1199
jss1199 earned 250 total points
ID: 39712446
To correct Leon, respectfully, SCOM ACS is strictly a security even log collector.  It takes the security event logs from each monitored machines and forwards them to the ACS database for analysis and reporting - it does not report on changes.

For what the OP wants, he should leverage SCCM's configuration management feature.
0
 
LVL 8

Accepted Solution

by:
Leon Taljaard earned 250 total points
ID: 39712489
Hi

Sure, yes it only collects but it presents it a better format than looking through event logs and you can also alert on it.

The SCCM Compliance feature is also an option and also a great feature I use I our environment.

It was merely a suggestion that is also an option and used extensively, depending on what exactly is required.

But yes all changes and config will have to be setup and planned.

Thanks
0
 
LVL 8

Expert Comment

by:Leon Taljaard
ID: 39712504
The only problem I have had with the Compliance part of SCCM or lack of feature is the alerting in SCOM of the individual out of compliance object.

When something is out of compliance the alert generated is a broad alert about the compliance being out as a whole instead of showing the only one being changed.

Thanks
0
 
LVL 3

Expert Comment

by:Detlef001
ID: 39714103
You can achieve this from an application. Manually you can create an auditing on that too at some place but you can't generate the alerts for them as well.

Please have a look at this application for the file server application monitoring.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
There's a better way to communicate time sensitive or critical info.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question