Thanks MBS!
I'm looking at this article, which seems to be a 'for dummies' walkthrough of setting this up for the Domain Admins group.

http://social.technet.microsoft.com/wiki/contents/articles/how-to-get-operations-manager-2007-alerts-for-domain-group-membership-changes.aspx

My hope is to understand the logic and syntax enough that I can (along with the link you sent me) make this work for the local Admin group on my member servers.

I'll let you know how it goes!

Jim

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, November 09, 2010 9:07 AM
To: NT System Admin Issues
Subject: RE: Event Log monitoring

I wish it were trivial to export a rule/monitor/alert/notification and import it on another system, but other than that, I'm quite happy with OpsMgr 2007.

Jim - I usually use two rules. One I bind to 2000/2003 servers and one to 2008/above servers, since the event ID changed.

Here is a good resource for the security event ids:

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624

If it isn't obvious what to bind, post back and I'll give you detailed instructions.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Kelsay [mailto:kels...@sctax.org]
Sent: Tuesday, November 09, 2010 9:01 AM
To: NT System Admin Issues
Subject: RE: Event Log monitoring

I need some resources too! This thing is not easy. Do something by the book and it doesn't work, so you call MS and they tell you, "Oh yeah, we knew that." SCOM in 24 days would be nice.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 09, 2010 8:59 AM
To: NT System Admin Issues
Subject: Re: Event Log monitoring

SCOM 2007 is much easier to pick up than previous versions... I'm sure there are some resources others can recommend for learning it in a hurry (sorry I can't help, but I am upgrading 1200 WYSE terminals and don't have much time to hunt through my bookmarks).

On 9 November 2010 13:52, Jim Holmgren <jholmg...@xlhealth.com> wrote:

Funny you should mention that. I have SCOM deployed here and I'm looking at using it to do this right now. I have several hundred servers, but these 2 dozen-ish servers are the bane of my existence right now.

Our current SCOM implementation is under-utilized, to put it mildly. SCOM alerts us when drives fill up, and when a server goes down - I know it can do oh so much more, but this is my first dance with SCOM and frankly I'm struggling with it. Our previous SCOM 'admin' quit shortly after my arrival, leaving me holding the bag.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 09, 2010 8:43 AM
To: NT System Admin Issues
Subject: Re: Event Log monitoring

System Center Essentials? The full version of SCOM may be a little overkill for 20 systems.

On 9 November 2010 13:31, Jim Holmgren <jholmg...@xlhealth.com> wrote:

What's everyone using for Event Log monitoring?

I have a situation where we have several production servers (mix of 2003/2008) that have had their local Administrators group membership changed over the course of a few months. Unfortunately, everyone but the janitor has local admin rights to these systems. I need to find a solution to centrally collect and alert on changes to local group membership. I can't keep up with manually checking the event logs on 20+ servers every day.

I've used NetPro (now Quest) ChangeAuditor for Active Directory, but I'm looking for something that will look after a decent number of member servers.

Jim

Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member or as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
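
Added example, not part of the original thread: the two-rule approach described above (one event ID pair for 2000/2003 servers, another for 2008 and later) written as a single classifier in Python. It assumes a collector has already flattened each Security event into a dict keyed by the 4732/4733 field names; the hosts, accounts, SIDs and records are constructed.

```python
ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
# "Member added / removed" on a security-enabled local group.
# Windows 2000/2003 log 636/637; 2008 and later log 4732/4733 (old ID + 4096).
ACTIONS = {636: "added", 637: "removed", 4732: "added", 4733: "removed"}

def is_admins_group(ev):
    """Prefer the SID: the group name can be renamed or localized."""
    sid = ev.get("TargetSid")
    if sid:
        return sid == ADMINS_SID
    return (ev.get("TargetDomainName", "").lower() == "builtin"
            and ev.get("TargetUserName", "").lower() == "administrators")

def admin_group_changes(events):
    """Return one alert per add/remove on local Administrators, oldest first."""
    alerts = []
    for ev in events:
        eid = int(ev["EventID"])
        if eid not in ACTIONS or not is_admins_group(ev):
            continue
        name = ev.get("MemberName")
        alerts.append({
            "computer": ev["Computer"],
            "time": ev["TimeCreated"],
            "action": ACTIONS[eid],
            # 4732/4733 may carry "-" as MemberName; fall back to the SID.
            "member": name if name and name != "-" else ev.get("MemberSid", "?"),
            "changed_by": ev.get("SubjectUserName", "?"),
            "rule": "2000/2003" if eid < 4096 else "2008+",
        })
    return sorted(alerts, key=lambda a: a["time"])

# Constructed sample records (hypothetical hosts, accounts and SIDs).
SAMPLE = [
    {"EventID": 4732, "Computer": "SRV08-01", "TimeCreated": "2010-11-09T13:05:00Z",
     "TargetSid": "S-1-5-32-544", "MemberName": "-", "SubjectUserName": "jdoe",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1105"},
    {"EventID": 636, "Computer": "SRV03-02", "TimeCreated": "2010-11-09T12:40:00Z",
     "TargetDomainName": "Builtin", "TargetUserName": "Administrators",
     "MemberName": r"EXAMPLE\tempadmin", "SubjectUserName": "asmith"},
    {"EventID": 4733, "Computer": "SRV08-01", "TimeCreated": "2010-11-09T13:30:00Z",
     "TargetSid": "S-1-5-32-555", "SubjectUserName": "jdoe",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1105"},  # other group
    {"EventID": 4624, "Computer": "SRV08-01", "TimeCreated": "2010-11-09T13:31:00Z"},
]

if __name__ == "__main__":
    print(*admin_group_changes(SAMPLE), sep="\n")
```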