New Page 1

'==========================================================================
'
' VBScript Source File -- Created with SAPIEN Technologies PrimalScript 4.0
'
' NAME: MOM Global Settings Change Audit
'
' AUTHOR: Pete Zerger , AKOS Technology Services
' DATE : 2/16/2006
'
' COMMENT: This script audits changes in MOM Global Settings.
'
' Key Variables: SQL_DSN = The name of your MOM Database Server
' POLL_INTERVAL_IN_HOURS = number of hours to check (last 1 hr by default)
'
'==========================================================================

'on Error Resume Next

'Probably could be parameters but aren't
Const MOM_SCRIPT_EVENT_ID = 5001
Const POLL_INTERVAL_IN_HOURS = -1 '***Note: This must be a negative number as it's going back in time!!!
Const SQL_DSN = "Your_MOM_Svr_Here"

Const EVENT_TYPE_SUCCESS = 0
Const EVENT_TYPE_ERROR = 1
Const EVENT_TYPE_WARNING = 2
Const EVENTLOG_INFORMATION_TYPE = 4
Const EVENTLOG_AUDIT_SUCCESS = 8
Const EVENTLOG_AUDIT_FAILURE = 16
Const SCRIPT_FAILURE_EVENT = 91001

Dim cn
Dim rs
Dim strSQLQuery
Dim UTCTime

InitSQL()
getUTCTime()
getRuleChanges()

'Log an error if script fails
If err.number <> 0 Then
LogEvent SCRIPT_FAILURE_EVENT,EVENT_TYPE_ERROR,"MOM Admin Script Error: " & vbcrlf & "err.number: " & err.number & vbcrlf & "err.description: " & err.description
end If

set cn = Nothing
set rs = Nothing

'***********************************************
'InitSQL() Create connection
'***********************************************
Sub InitSQL()
Set cn = CreateObject("ADODB.Connection")
Set rs = CreateObject("ADODB.Recordset")
cn.Open "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=OnePoint;Data Source=" & SQL_DSN & ""
End Sub

'***********************************************
'getUTCTime() Gets UTC time difference (-6 or -5)
'***********************************************
sub getUTCTime()
strSQLQuery = "select DateDiff(hh,getutcdate(),getdate()) as UTCTime"
rs.Open strSQLQuery,cn,1,1
UTCTime = cstr(rs("UTCTime"))
end Sub

'***********************************************
'getRuleChanges Get the SQL Server for the given mgmt group
'**********************************************
sub getRuleChanges()
strSQLQuery = "select datacategory + dataname as GlobalSetting, datavalue, lastmodified, lastmodifiedby from OnePoint..configuration where lastmodified > dateadd(hh," & POLL_INTERVAL_IN_HOURS & ",getUTCdate()) and lastmodifiedby is not null and lastmodifiedby <> 'NT AUTHORITY\SYSTEM' and lastmodifiedby <> 'dbo' and lastmodifiedby <> 'ConfigChange' order by lastmodified"

'Pull all changes from last X hours
Set rs = cn.execute(strSQLQuery)

'If recordset is null, then report that no global settings have changed in the last reporting period.
If RS.EOF Then
LogEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_SUCCESS,"No Global Settings Changes were made within the last " & abs(POLL_INTERVAL_IN_HOURS) & " hours."
exit Sub
end If

'Process global settings changes in the record Set
While Not rs.eof
globalsetting = rs("GlobalSetting")
datavalue = rs("datavalue")
sLastModified = DateAdd("H",UTCTime,rs("lastmodified"))
sLastModifiedBy = rs("lastmodifiedby")
'sIsRuleGroup = rs("IsRuleGroup")

'Generate an event noting the rule change (do we need all the fields listed after the 'Changed On' SecurityAllowLowEncryptionAgents

If globalsetting="AgentConfigCachePollingInterval" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Attribute Discovery Interval" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="CommunicationsHeartBeat" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Agent Heartbeat Interval" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="CommunicationsMaxSendLatency" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Agent - Send event & perf data after (msec)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="ConfigName" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Management Group Name" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="EmailSettingsMailbox" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Return Address" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="EmailSettingsServerName" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:E-mail Server" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="EmailSettingsTransport" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Email transport protocol" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="ErrorReportingEnableErrorReporting" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Send Operational Data Reports to Microsoft" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="FormatCommand" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Notif. cmd format: command Line" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="FormatEmailMessage" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Global Email Format (Body)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="FormatEmailSubject" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Global Email Format (Subject)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="HeartBeatHBMaxDelay" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:MS Heartbeat Scan Interval" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="OtherAllowProxyForwarding" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Allow Agent Proxying" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="OtherConfigRequestInterval" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Agent Request Configuration Interval" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="OtherGlobalVdirLocation" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:File Transfer Server Directory" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="OtherServiceCheckInterval" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Service Monitoring: Status Check Interval" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="PersistenceMaxFileSize" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Storage threshold (agent or MS)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="ResponseProcessingAllowCustomResponseExecution" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Disable custom response execution (MS)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="ResponseProcessingNumResponseThreads" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Simultaneous Responses Allowed (agent or MS)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="SecurityAllowLowEncryptionAgents" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Block MOM 2000 / 2000 SP1 agents" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="SecurityAllowNewManualAgents" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Reject Manual Agent Installs" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="SecurityAuthenticatedCommunicationsOnly" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Require Mutual Authentication" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="URLCompanyKB" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Online company knowledge address" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="URLProductKB" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Online product knowledge address" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="URLWebClient" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Online product knowledge address" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="AttributeCollectionScheduleInterval" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:MS Rule Change Poll Interval" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="HeartBeatHBAgentlessScanTime" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Heartbeat Checking - Scan agentless computer every " & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="InstallationGracePeriod" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting:Automatic Managment - Agent Uninstall Delay" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="CommunicationsThrottleMaxBytes" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting: Communications - Maximum amount of data per second (agent) " & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="CommunicationsPacketSendSize" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting: Communications - Packet size (agent)" & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
ElseIf globalsetting="CommunicationsAlertSendLatency" Then
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last" & abs(POLL_INTERVAL_IN_HOURS) & "Hours:" & VbCrLf & "GlobalSetting: Buffering - alert buffering " & VbCrLf & " Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
Else
LogChangeEvent MOM_SCRIPT_EVENT_ID,EVENT_TYPE_WARNING,"The following Global Setting has changed in the last " & abs(POLL_INTERVAL_IN_HOURS) & " Hours: " & VbCrLf & "GlobalSetting: Other - Please Investigate - " & GlobalSetting & VbCrLf & "Data Value: " & datavalue & vbcrlf & "Changed by: " & sLastModifiedBy & vbcrlf & "Changed on: " & sLastModified, GlobalSetting, datavalue, sLastModified, slastmodifiedby
End If

'Global values missing from this script
'Comm port (1270 by default)
'Computer discovery schedule
'Mgmt Server rule change poll interval

rs.MoveNext
Wend

end Sub

Sub LogChangeEvent(lEventID, lEventType, lEventMessage, lParam1, lParam2, lParam3, lParam4) ', lParam5)
'On Error Resume Next
Set oEvent = ScriptContext.CreateEvent

oEvent.EventNumber = lEventID
oEvent.EventType = lEventType
oEvent.Message = lEventMessage
oEvent.SetEventParameter(lParam1)
oEvent.SetEventParameter(lParam2)
oEvent.SetEventParameter(lParam3)
oEvent.SetEventParameter(lParam4)
'oEvent.SetEventParameter(lParam5)

ScriptContext.Submit oEvent
Set oEvent = Nothing

Set objShell = CreateObject("WScript.Shell")
objShell.LogEvent 4, "MOM Script: " & ScriptContext.Name & " MOMEventID: " & lEventID & " MOMEventType: " & lEventType & " MOMEventMsg: " & lEventMessage & " lParam1: " & lParam1 & " lParam2: " & lParam2 & " lParam3: " & lParam3 & " lParam4: " & lParam4 & " lParam5: " & lParam5
set objShell = Nothing
end Sub

Sub LogEvent(lEventID, lEventType, lEventMessage)
Dim oEvent
'On Error Resume Next
Set oEvent = ScriptContext.CreateEvent
oEvent.EventNumber = lEventID
oEvent.EventType = lEventType
oEvent.Message = lEventMessage
ScriptContext.Submit oEvent
Set oEvent = nothing

Set objShell = CreateObject("WScript.Shell")
objShell.LogEvent 4, "MOM Script: " & ScriptContext.Name & " MOMEventID: " & lEventID & " MOMEventType: " & lEventType & " MOMEventMsg: " & lEventMessage
set objShell = nothing

End Sub