Securing SCOM in a Privilege Tiered Access Model–Part 2

Previously, I discussed basic security posture and what is needed to secure a SCOM installation. The post can be found here. In summary, we discussed risks associated with malicious management packs and the use of a service account for agent action instead of the local system. This discussion will focus a bit deeper on account…


Securing SCOM in a Privilege Tiered Access Model–Part 1

I’ve had a few discussions with some people internally on this subject. One thing that has been consistent in these conversations is that we (Microsoft) don’t have much in the way of good guidance on securing SCOM, and this really needs to be addressed. Since I’ve written quite a bit on Cyber Security and SCOM,…


Configuring SCOM to Monitor Dell Storage Solutions

I was asked by a customer recently to configure SCOM to monitor Dell EMC SANs. The request seemed easy enough, until I got to doing it and realized that the documentation is, well, less than stellar. As such, this will be a quick post as to how we managed to get this working. I’m not…


SCOM Installer Failure with RC4 Protocol Disabled

I need to start this by tipping my hat to a couple colleagues, Louise Willis for pointing me to Ryan Christman, who dealt with the same issue about a month prior and was able to save me a support call. To set the stage, we were doing a SCOM 2016 install on a hardened Server…


SCOM Agent Stuck in a Not Monitored State

I ran into a rather peculiar issue with a SCOM agent, and after speaking to Ainsley Blackmon in SCOM support, it was pretty clear that this hasn’t been seen before. Hopefully that means that it is something you won’t ever see, but it did have enough similarities to the TLS/Schannel issues that I’d occasionally observe…


Future Plans/Requests for Security Monitoring MP

I wanted to take a few minutes and discuss current plans for upcoming changes in the security MP. I’d also like to use this space as an open forum for feature requests. While I’m not expecting tons of requests, it is worth noting that I do have a few criteria for any change I make….


Updated Security Monitoring MP is Now Available

I’ve released an updated Management Pack for security monitoring. The original landing page can be found here. The change log can be found here. The download can be found here.


Security Monitoring Change Log

This is a link to the download. These are the changes in the newest release… This management pack is now sealed. That’s probably the biggest change going forward as customizations can be stored in their own separate MP. There are also collection rules and reports set up to target legacy protocols. This should allow an organization…


In Place Upgrading the SSRS for SCOM

I ran into an odd issue today, doing an in-place upgrade of SQL 2012 SP3 to SQL 2016 in prep for a SCOM upgrade that was worth noting. My customer had separate instances for the DB/DW, and that upgrade was fine. However, when doing an in-place of SSRS, we got the following failure during the…


Updating GPO Monitoring in Security Monitoring for MSFT AGPM

This is something that was brought to my attention regarding GPO modifications in my security monitoring MP. Microsoft has a product called AGPM which allows administrators to control GPO modifications via an AGPM server. My understanding is that GPOs can still be modified by domain admins, but that (if set up right),…