Solved

Windows Server config change monitoring

Posted on 2013-12-11
Last Modified: 2013-12-18
Need help with a project.
Using SCOM, check and keep track of file server changes and send alerts.
Question by:zman2013
7 Comments
 
LVL 19

Assisted Solution

by:jss1199
jss1199 earned 250 total points
ID: 39712030
That is a broad subject - any specific changes?  SCOM is not meant to perform full configuration management and change tracking, but rather to monitor systems for known conditions.  To do what you seem to be asking, you would need to create a monitor and rule for every potential change to the file system, registry, etc.

Your best bet is to use the companion System Center product SCCM to create configuration baselines, so you can then report (and alert) where your configuration has drifted.
0
 

Author Comment

by:zman2013
ID: 39712133
Steps are to create a separate profile for individual servers and run a script to match the config every day.  Send an alert if there is a change?
0
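
The daily compare-and-alert approach described in the comment above, as an added example that is not part of the original thread. It assumes Windows PowerShell 3.0 or later on Windows Server 2012 or later (for `Get-SmbShare`); the tracked settings, baseline path, event source and event ID are hypothetical choices made here, and the Application log entry is intended as something an event-based monitoring rule could alert on.

```powershell
# Added example: daily drift check against a per-server baseline.
# The path, event source and event ID below are hypothetical names chosen here.
$BaselinePath = "C:\ConfigBaseline\$env:COMPUTERNAME.json"
$EventSource  = 'ConfigDriftCheck'
$EventId      = 9001

function Get-ConfigSnapshot {
    # Flatten the tracked settings into key/value pairs.
    $items = @{}
    foreach ($share in Get-SmbShare) {
        $items["share:$($share.Name)"] = "$($share.Path)"
        $access = Get-SmbShareAccess -Name $share.Name | Sort-Object AccountName |
            ForEach-Object { "$($_.AccountName)=$($_.AccessControlType)/$($_.AccessRight)" }
        $items["shareacl:$($share.Name)"] = $access -join ';'
    }
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $items["service:$($svc.Name)"] = "$($svc.StartMode)"
    }
    $items
}

function Compare-ConfigSnapshot([hashtable]$Baseline, [hashtable]$Current) {
    # Emit one line per added, removed or changed key.
    foreach ($key in (@($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique)) {
        if (-not $Baseline.ContainsKey($key)) { "ADDED   $key = $($Current[$key])" }
        elseif (-not $Current.ContainsKey($key)) { "REMOVED $key (was $($Baseline[$key]))" }
        elseif ($Baseline[$key] -ne $Current[$key]) {
            "CHANGED $key : $($Baseline[$key]) -> $($Current[$key])" }
    }
}

$current = Get-ConfigSnapshot
if (-not (Test-Path $BaselinePath)) {
    # First run: record the approved state and stop.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    return
}
$baseline = @{}
(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = $_.Value }
$changes = @(Compare-ConfigSnapshot $baseline $current)
if ($changes.Count -gt 0) {
    # Creating the event source requires an elevated session the first time.
    if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
        New-EventLog -LogName Application -Source $EventSource
    }
    Write-EventLog -LogName Application -Source $EventSource -EventId $EventId -EntryType Warning -Message ($changes -join "`r`n")
}
```

Because the event message lists each changed key, the alert identifies the individual setting that drifted; the baseline file is only rewritten when it is deleted and the script is run again after an approved change.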
 
LVL 8

Assisted Solution

by:Leon Taljaard
Leon Taljaard earned 250 total points
ID: 39712414
Hi

You could also look at implementing SCOM ACS which is an auditing addition to SCOM that can track, alert and report on changes, especially file servers, like privilege use, object access and things like that.

So meaning something like when you enable auditing via GPO in local security policy.

Thanks
0

 
LVL 19

Assisted Solution

by:jss1199
jss1199 earned 250 total points
ID: 39712446
To correct Leon, respectfully, SCOM ACS is strictly a security event log collector.  It takes the security event logs from each monitored machine and forwards them to the ACS database for analysis and reporting - it does not report on changes.

For what the OP wants, he should leverage SCCM's configuration management feature.
0
 
LVL 8

Accepted Solution

by:
Leon Taljaard earned 250 total points
ID: 39712489
Hi

Sure, yes it only collects but it presents it in a better format than looking through event logs and you can also alert on it.

The SCCM Compliance feature is also an option and also a great feature I use in our environment.

It was merely a suggestion that is also an option and used extensively, depending on what exactly is required.

But yes all changes and config will have to be set up and planned.

Thanks
0
 
LVL 8

Expert Comment

by:Leon Taljaard
ID: 39712504
The only problem I have had with the Compliance part of SCCM or lack of feature is the alerting in SCOM of the individual out of compliance object.

When something is out of compliance the alert generated is a broad alert about the compliance being out as a whole instead of showing the only one being changed.

Thanks
0
 
LVL 3

Expert Comment

by:Detlef001
ID: 39714103
You can achieve this from an application. Manually you can create an auditing on that too at some place but you can't generate the alerts for them as well.

Please have a look at this application for the file server application monitoring.
0

Question has a verified solution.
