Azure Operational Insights: Security and Audit

In one of my last OpsMgr deployments I configured Audit Collection Services for auditing security related information. ACS is still working great but there were no improvements made to ACS since OpsMgr 2007 R2. So it’s lacking high-availability possibilities, for now I’ve created my own solution, but still it’s a pity that there is not much improvement. With OpInsights we get a new solution for security auditing. With the Intelligence Pack Security and Audit you can send your security information to OpInsights, when uploaded you can use the OpInsights functionality to query your information.

SCOM 2012: ACS Security Log Retention Monitor (Update)

A couple of weeks ago I released a Management Pack with a Security Log retention monitor. This monitor uses PowerShell to determine the retention of the security log. This is important in ACS implementations and therefore you want to monitor this. Unfortunately I discovered some performance issues with the monitor so I changed the monitor to resolve these problems for Windows 2008 and later systems. Continue reading

SCOM 2012: ACS Forwarder Security Log Retention Monitor

In an OpsMgr Audit Collection Services implementation the local security logs on the forwarders are the queue when the collector is not available. So the retention time of the Security Log is a very important, but out-of-the-box not monitored by OpsMgr. Today I decided to create a PowerShell monitor which monitors the retention time of the security event log. This PowerShell monitor uses the following script to define the retention of the Security event log of an ACS forwarder.

SCOM 2012: ACS automatic failover (update)

A couple of weeks ago I posted my ACS collector automatic failover script. I have implemented this solution in my current ACS implementation and based on that implementation I have 2 tips which avoids two active controllers.

SCOM 2012: ACS configuration location

Yesterday I blogged about how to get an automatic ACS collector scenario. I described my solution with a new PowerShell monitor and a failover scripts as recovery. One of the prerequisites of this solution is to make the ACS configuration file ‘ACSConfig.xnl’ available for both ACS collectors.

SCOM 2012: ACS Collector automatic failover v2

Last month I created an OpsMgr ACS Collector failover script. This script worked but was not able to failover the ACS Collector role in all scenarios. This was mainly based on the fact that I used the existing ACS collector service monitor. This monitor checks the AdtServer service and alert when this service fails. Only when the complete server is down this monitor goes into a gray state instead of critical state. So I decided to add some additional components to the failover script. An updated version of the failover script (management pack) can be at the end of this blogpost.
Continue reading

The Microsoft Workplace Blog

Blog about the Microsoft Modern Workplace

ACS