Thursday, August 18, 2005

One Management Pack to Monitor them all...

The management pack called Microsoft Management Pack Notifier is very useful as you do not have to monitor the Microsoft sites to get the latest MPs. This MP will do the job for you. Unfortunately, it does not monitor report versions.

To benefit from it, first
download and install the MSI package. It creates Microsoft Management Pack Notifier.akm (and an EULA and a readme) below %programfiles%\MOM 2005 Management Packs\Microsoft Management Pack Notifier.

It seems to be old stuff, now being released for the public. The file is dated November 11th 2004.

Next import this MP from the administrator console using the Management Pack Import/Export Wizard. Remember to select 'Import Management Packs only' or you may be stuck in the Wizard when you must specify report to import (you can though step back).

The MP creates a new rule group called Microsoft Operations Manager MPNotifier, creates a new computer group called Microsoft Operation Manager MPNotifier MOM Server. The rule group contains a rule that check the versions against microsoft.com. This rule has a provider called MPNotifier-Schedule daily which runs the Microsoft MPNotifier Version Check script daily. Another rule fires off an alert when the versions mismatch. Finally an alert rule forwards the alerts to the Operation Manager Administrators notification group. I do not know why, but on my RTM test system, it does not fire off any alerts - I only get events.

An event looks like this -


You must manually add the server you want to check microsoft.com for updates to the new computer group. Keep in mind that the agent account on the server in question must have http access to microsoft.com across any firewall in the path. The actual URL it uses can be found in the script and is http://www.microsoft.com/management/mma/momnotifier.xml.

Unfortunately, the XML does not provide a direct download link. Let us hope, that will be added in the next release. Ideally, it should provide the option of downloading the files and even upgrade the MPs. The latter for test environments only naturally ;).

Wednesday, August 03, 2005

And I thought Power Users were a wise choice...

A lot of discussion is going on about the level of permissions one has when runing day-to-day tasks. This is not one day too early. The discussion has at least two branches: A) Administrators running without permissions and only having them when necessary and B) Standard users running as users, power users or local administrators.
Continuing on the B branch, I always thought that Power User were a pretty safe choice - at least it prevented the user from tampering with Group Policies.
This turns out to be a false feeling - even Microsoft warns us in this KB that Power Users are not safe:
A member of the Power Users group may be able to gain administrator rights and permissions in Windows Server 2003, Windows 2000, or Windows XP.

Unfortunately, there are no - useful - resolution to avoid this. I would have wanted a way to tweak Power Users, so it is safe. Microsoft claims that Power Users are intended for legacy stuff and wants you to only run software certified for Windows. Get real - LOL!

Well, anyway, I think Power User is still better than local administrators - i. e. until some easy-to-use tool makes elevating to administrator easy. You could also read
this post and its comments to get a feeling of how easy it is for an installation program to jeopardize the security of the system.

I came across the KB from the
Hall of Shame site.

BTW: Discussion A is covered
here.

Let us hope they get it right in Vista a. k. a. Longhorn as they
intent.

Vista and Virtual PC / Server

Now that Windows Vista is the hottest news, I just want to direct you attention to the excellent Virtual PC Guy blog. Especially these two entries contains valuable information: Running Virtual Server / Virtual PC on Windows Vista Beta 1 and the opposite Running Windows Vista Beta 1 under Virtual PC / Virtual Server.

SMS 2003 SP2 Beta starts

Vacation done...

Just got the invitation to join i.e. nominate myself. It is going to be interesting to see if they drop in new features just like they did for SP1 and in that case what they will improve.