Configuring SCOM to Monitor Dell Storage Solutions

I was asked by a customer recently to configure SCOM to monitor Dell EMC SANs. The request seemed easy enough, until I got to doing it and realized that the documentation is, well, less than stellar. As such, this will be a quick post as to how we managed to get this working. I’m not…


SCOM Installer Failure with RC4 Protocol Disabled

I need to start this by tipping my hat to a couple colleagues, Louise Willis for pointing me to Ryan Christman, who dealt with the same issue about a month prior and was able to save me a support call. To set the stage, we were doing a SCOM 2016 install on a hardened Server…


SCOM Agent Stuck in a Not Monitored State

I ran into a rather peculiar issue with a SCOM agent, and after speaking to Ainsley Blackmon in SCOM support, it was pretty clear that this hasn’t been seen before. Hopefully that means that it is something you won’t ever see, but it did have enough similarities to the TLS/Schannel issues that I’d occasionally observe…


Future Plans/Requests for Security Monitoring MP

I wanted to take a few minutes and discuss current plans for upcoming changes in the security MP. I’d also like to use this space as an open forum for feature requests. While I’m not expecting tons of requests, it is worth noting that I do have a few criteria for any change I make….


Updated Security Monitoring MP is Now Available

I’ve released an updated Management Pack for security monitoring. The original landing page can be found here. The change log can be found here. The download can be found here.


Security Monitoring Change Log

This is a link to the download. These are the changes in the newest release… This management pack is now sealed. That’s probably the biggest change going forward as customizations can be stored in their own separate MP. There are also collection rules and reports set up to target legacy protocols. This should allow an organization…


In Place Upgrading the SSRS for SCOM

I ran into an odd issue today that was worth noting, doing an in-place upgrade of SQL 2012 SP3 to SQL 2016 in prep for a SCOM upgrade. My customer had separate instances for the DB/DW, and that upgrade was fine. However, when doing an in-place upgrade of SSRS, we got the following failure during the…


Updating GPO Monitoring in Security Monitoring for MSFT AGPM

This is something that was brought to my attention regarding GPO modifications in my security monitoring MP. Microsoft has a product called AGPM which allows administrators to control GPO modifications via an AGPM server. My understanding is that GPOs can still be modified by domain admins, but that (if set up right),…


Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types

One of the big changes in the next release of the Security Monitoring management pack will be reports designed to let administrators know if they are using older protocols in their environments. It goes without saying that many older protocols are often full of vulnerabilities. As well, they tend to be on by default due to…