Team blog of MCS @ Middle East and Africa

This blog is created by Microsoft MEA HQ near shoring team, and it aims to share knowledge with the IT community.With its infrastructure and development sides,It brings to you the proven best practices and real world experiences from Subject Matter Experts
Follow Us On Twitter! Subscribe To Our Blog! Contact Us

Operations Manager 2007 R2 Installation and Configuration (step by step) – Part 4 “Configure GPO for SCOM”

Operations Manager 2007 R2 Installation and Configuration (step by step) – Part 4 “Configure GPO for SCOM”

  • Comments 10
  • Likes

In this post series I will go through detailed step by step (with screenshots) related to System Center Operations Manager 2007 R2 Installation and Configuration that IT Administrator or technical consultant will need to build Operations Manager 2007 R2,

In 1st part here I started with “Pre-Build”,

In 2nd part here I continued with “Installing Operations Manager Database”,

In 3nd part here I continued with “Installing Root Management Server”,

And in this post I will continue with “Configure GPO for SCOM”,

Table below include step by step showing you how to Configure GPO for System Center Operations Manager 2007 R2:

Step

Description

Screenshot

 

Log on as a Domain Administrator on a computer with Administrative Tools such as a Domain controller or your Administrative Workstation

 

1.

From Administrative Tools, Select Group Policy Management.

clip_image002

2.

Navigate down to Group Policy Objects, Right Click on Group Policy Objects and Select New from the popup menu.

 

3.

Provide a Name for the GPO and Click OK.

clip_image003

4.

Right Click on the newly created GPO and Select Edit from the popup menu.

 

5.

On the Group Policy Management Editor window, Expand the Computer Configuration tree and navigate to Windows Firewall as shown in the figure below and Click to highlight Domain Profile. Double Click on Allow inbound file and printer sharing exception.

clip_image005

6.

On Enabled and provide the IP addresses of the Root (and Secondary if there is any & separated by a comma ",") Management Server, Then Click OK.

clip_image006

7.

On the Group Policy Management Editor window, Expand the Computer Configuration tree and navigate to Windows Firewall as shown in the figure below and Click to highlight Domain Profile. Double Click on Allow inbound remote administration exception.

clip_image008

8.

Click on Enabled and provide the IP addresses of the Root (and Secondary if any & separated by a comma ",") Management Server, Then Click OK.

clip_image009

9.

On the Group Policy Management Editor window, Expand the Computer Configuration tree and navigate to Windows Firewall as shown in the figure below and Click to highlight Domain Profile. Double Click on Define inbound port exceptions.

clip_image011

10.

Click on Enabled and Click on Show to define the port extensions. On the Show Contents dialog box, click Add.

clip_image013

11.

On the Add Item dialog box, do the following:

· Enter the following text: 5723:TCP:#.#.#.#:enabled:SCOMAgent

· Click OK.

Note:

IP Addresses should be the IP Addresses of Management Servers.

clip_image015

12.

On the Show Contents dialog box, Click OK.

clip_image017

13.

Click OK and close the GPO Editor.

 

In the coming post I will continue step by step for Operations Manager 2007 R2 Installation with screenshots.

 

Related Posts:

 

Comments
  • Part 5 just released.

  • Thanks for the how to.

    Step 11 has a typo "Aget" instead of "Agent". It just so happens to be in the part that you want to cut and paste! Some may not catch it. The Screen shot shows the correct string, however.

  • Thanks, Updated.

  • Part 5 released,

    Part 6 released,

    Part 7 released,

    Part 8 released,

  • Where is this GPO applied? At the root of the domain?

  • what is the purpose of this GPO setting? is it mandatory ?  what will happens if the GPO Part-4 steps is skipped

  • This step is required if you want to allow Domain Account for SCOM to deploy Agents remotlly, without need to be Domain Administrator.

  • Is this step required if the account used for deploying the agent has all required rights on the agent computer. Thanks , please let me know

  • New Similar detailed serier for Orchestrator 2010 posted blogs.technet.com/.../orchestrator-2012-deployment-amp-configuration-step-by-step-part-1-overview-and-architecture.aspx

  • can u explain the process of creating accounts for MomAdmin

    And also why do we use this MomAdmin Accounts

    What is the use of this Accounts

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment