Search My Site

Ops Mgmt Blogroll
WHO AM I
MS MOM 2005 and Ops Mgr 2007 Resources
SCE 2007 Bloggers


Previous Posts

Comments

Syndication


Google Reader
del.icio.us Pete's Management Blog
Add to My Yahoo!
Subscribe with Bloglines
Subscribe in NewsGator Online
myFeedster
Add to My AOL
Add 'Pete's Management Blog' to Newsburst from CNET News.com

Powered by Blogger

My MVP Profile


My MVP Profile

Saturday, February 18, 2006

Auditing Global Settings Changes in MOM

It's a fact that the security model in MOM often doesnt map directly to the role separation amongst infrastructure engineers and Operations staff in larger environments. As a result, sometimes Operations staff that may be responsible for some of the care and feeding of MOM may be granted permissions in MOM that allow them to make unwelcome changes, run tasks, etc. This being said, it would then be necessary to audit changes to ensure that unauthorized changes do not find there way into your environment.

1) Tasks (done - new feature in MOM 2005)
2) Global Settings Changes (no built-in functionality)3)
3) Rule and Rule Group Changes (no built-in functionality)

Items 2 and 3 have recently been addressed through custom scripts.

I put together a script for Auditing Global Settings Changes in MOM
You will find the source code here: http://www.it-jedi.net/scripts/AuditGlobalSettingsChanges.htm


To use the script:
1) Create a new script under 'Scripts' in the MOM Administrator Console
2) Create an event rule using a 'Timed Event' provider that runs hourly.
Optional
3) Create an alert rule to raise and alert / send notifications to your MOM architects

The resulting events return friendly text description of the rule that was changed, it's current value, the date / time changed and the userid under which it was changed. The output looks something like this.



In the event that I missed a global setting, there is a fallback rule that will return the concatenated Datacategory and Dataname vaules from the Configuration table within Onepoint with a note requesting further investigation.The output looks something like this, and should give you a clue as to what global value was changed. If you should ever see this, send me an e-mail requesting a bugfix.




NOTE: This script is based in large part on the original 'Rule & Rule Group Change Audit' script by jJesse Harris, posted back in November of last year. (Thanks Jesse!)
The source code for Jesse's Rule & Rule Group Change Audit script is available here: http://www.it-jedi.net/scripts/AuditRuleChanges.htm

Labels: ,

posted by Pete Zerger at 1:36 PM  

Comments on "Auditing Global Settings Changes in MOM"

 

post a comment links to this post