Security Monitoring: Using SCOM to Detect Bypassed Authentication Package Back Door

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. One persistence method that an attacker can use is to modify an Operating System’s authentication packages in order to give the attacker a back door for…

Deploying and Troubleshooting SCOM on Unix/Linux machines

I’m not going to rehash all the how to articles written on deploying SCOM agents to cross platform machines, but I do think there would be…

The Anatomy of a Good SCOM Alert Management Process – Part 1: Why is alert management necessary?

I’ve had the luxury of doing SCOM work for several years now, across many different client types and infrastructure, and one of the constants that I…

SQL Management Pack for SCOM: Low Privilege configuration in Clusters

You know it’s going to be a bad day when you take a support case and the person on the other end of the line has not only worked for Microsoft, but done your job (and done it well by all accounts) at Microsoft longer than you have. That was my joy last week…

SCOM Installer Failure with RC4 Protocol Disabled

I need to start this by tipping my hat to a couple colleagues, Louise Willis for pointing me to Ryan Christman, who dealt with the same…

SCOM 2012 – SharePoint WebPart shows only a blank page in a SharePoint 2013 HTTPS environment

I ran into an interesting case with a client that I think deserves a post. The scenario is as follows: The client was attempting to get…

Security Monitoring–Additional PowerShell Detections

Note that there is an addendum to this piece for override purposes. That can be found here. A colleague of mine turned me on to this…

A Deep Dive into Dynamic Group Calculation and How it Affects SCOM Performance

I would first like to give a special thanks to John Mckeown and Nick Masiuk, both of whom provided major contributions to the work described below….

Reliable Time Monitor False Positives for AD Domain Member Monitoring

I had a chance to work with a customer on importing the new AD MP for SCOM. I like this MP in particular, as it’s much…