Monitoring Security in AD with MOM 2005 (Rory McCaw)

I had the pleasure of meeting Rory McCaw for a second time when I attended the Ottawa Windows Server User Group meeting last night at the local Microsoft office here in Ottawa. He’s up finishing some project work at a customer site and was asked by Garth Jones to present to the group. Rory gave us a special sneak peek at a session he plans on delivering at this spring’s TechNet 2006 in Boston (not MMS as I previously assumed). It was called “Monitoring Security in AD with MOM 2005” and it was drawn from experience at client sites and knowing event logs and MOM 2005 inside and out.

What can I say? He knows his stuff. You’d think it would be a little dry looking at detailed event codes and audit logs as well as creating rules and alerts within the MOM admin console – au contraire! This guy can make anything entertaining AND informative. The user group members were in their seats and attentive the whole time. I won’t comment on the Demo Gods’ behaviour because I know what it is ALL about.

One of the interesting things that came out of this session is that it proves that you can do A LOT of things with MOM and increase your Infrastructure Maturity Model to boot. I mean hey – who wouldn’t want an alert to inform you that the Domain Admins group membership has changed or that someone has been logging into Terminal Services using privileged Service Accounts?

I also liked his use of two third-party products. First was Secure Vantage “System Controls Management Pack for MOM” – a very detailed MP that looks for Account Management, Account Misuse, Auditing, Incident Response, Provisioning, policy changes and more… Second was one of my personal favourites, Silect Software “MP Studio Express” – a very handy tool that will save your bacon managing Management Packs with MOM. It allows you to “test” MPs, tweak thresholds, reduce the noise and perform change control for MPs prior to implementing them in your production environment.

It was a timely session, since I am in the final touches of getting ready to go out on the road with Bruce Cowper on the Build’06 (Secure and Well Managed Infrastructure) tour. It’s nice to see others who are passionate about managing their environments, making the life of IT Pros better out there and giving them back more time to be more proactive instead of reactive to issues.

Way to go Rory – I am sure your session will be well received at MMS this year. Thanks for taking the time to come by and present to the user group.