A couple of weeks ago I released a Management Pack with a Security Log retention monitor. This monitor uses PowerShell to determine the retention of the security log. This is important in ACS implementations and therefore you want to monitor this. Unfortunately I discovered some performance issues with the monitor so I changed the monitor to resolve these problems for Windows 2008 and later systems. Continue reading
Powershell
SCOM 2012: ACS Forwarder Security Log Retention Monitor
StandardIn an OpsMgr Audit Collection Services implementation the local security logs on the forwarders are the queue when the collector is not available. So the retention time of the Security Log is a very important, but out-of-the-box not monitored by OpsMgr. Today I decided to create a PowerShell monitor which monitors the retention time of the security event log. This PowerShell monitor uses the following script to define the retention of the Security event log of an ACS forwarder.
SCOM 2012: Get all computers with a specific alert (PowerShell)
StandardYesterday I received a question about: ‘Can you give me all unique computers with the following active alert’. My answer was ‘Yes, I Can!’. My first idea was to solve this with a PowerShell script and here it is. A short script of 2 lines which gives you all unique agents with the alert: ‘Workflow Initialization: Failed to start a workflow that runs a process or script’.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -Computername "<<MGMT_SRV>>"
#Get all alerts complaining about missing credentials "System Center Management Health Service Credentials Not Found Alert Message"
$hosts = Get-SCOMAlert | Where-Object {$_.Name -eq "Workflow Initialization: Failed to start a workflow that runs a process or script" -and $_.ResolutionState -ne '255'} | Select PrincipalName
$hosts.GetEnumerator() | Sort-Object -Property PrincipalName -Unique
Before you can use this script in your environment you have to change the string: <<MGMT_SRV>> and probably the name of the alert. The string <<MGMT_SRV>> needs to be replaced with one of your SCOM management servers.
Have fun!
SCOM 2012: SCOM Groups based on AD Groups (PowerShell)
StandardBased on an article of Boris Yanushpolsky I was inspired to build a PowerShell equivalent. Boris described how you could populate an SCOM group with members of an Active Directory group. His example was using VBScript. Since I’m trying to avoid VBScript I have created a PowerShell one.
SCOM 2012 ACS: Powershell Collector (automatic) failover script
StandardLast week I was installing a SCOM 2012 R2 environment with Audit Collection Services. Audit Collection Services is one of the additional functionalities of SCOM 2012 R2. ACS uses one or more Management Servers for the collector role. This role will collect all security logs from the agents. The challenge with the collector role is about the high availability of this role.
SCOM 2012 Network Monitoring: Rename Network Adapter
StandardEveryone who has implemented SCOM 2012 Network Monitoring will be satisfied with the improvements with respect to SCOM 2007. More and more devices can be deeply monitored with SCOM 2012. One of the downsides at this moment is the naming of the Network Adapters. The name inside SCOM does not always reflect the name on the switch. See the following example:
SCOM 2012 Export Overrides Powershell Script
StandardToday I was looking for a PowerShell script which can export all overrides based of a specific Management Pack. I found a script of Daniele Muscetta and Pete Zerger from SystemCenterCentral. This script did not worked out of the box on SCOM 2012 so I fixed that and added ‘HTML’ as output option. So with my addition it can be used on SCOM 2012 environments and the output can be a csv or html file.
SCOM 2012: Powershell Maintenance Mode Script
StandardPutting hosts in Maintenance mode through the SCOM console is not the fasted way when you have more than 1 host on which you want to activate Maintenance Mode and when the host is also part of a cluster it’s not enough to only add a maintenance window for that host. You will still receive cluster alerts from the cluster on where the host resides. So today I created the first version of my own Maintenance Mode script. The script has the following functionality: Continue reading
SCCM 2012: Add FQDN of host as TS variable
StandardYesterday I created a small powershell script which adds the FQDN of a host as a Task Sequence variable to a SCCM task sequence. See below the script: Continue reading
Hiding the task sequence progress dialog box
StandardLast week I had a script which generated popup during my task sequence. This popup was visible behind the task sequence progress window. I searched for a solution to hide the task sequence progress window and found a post from Michael Niehaus on the TechNet blogs. The link to the original post is: