I have extracted and saved the current version of the Exchange 2007 management pack and saved it to here on the http://www.opsmanjam.com site.  Chris

In May of 2008, I wrote a post announcing the release of a Security Hardening Guide for Operations Manager 2007 and Windows Server 2003. A new version of the Security Hardening Guide for use with Operations Manager 2007 R2 and Windows Server 2008 is now available at http://go.microsoft.com/fwlink/?LinkId=153917

This new release is for use with Operations Manager 2007 R2 running on the following operating systems:

• Windows Server 2008
• Windows Server 2008 with Service Pack 1
• Windows Server 2008 with Service Pack 2
• Windows Server 2008 R2

The Security Configuration Wizard (SCW) is automatically installed with Windows Server 2008 including the scwcmd command-line tool and is accessed in Server Manager (under Security Information…Run Security Configuration Wizard) or in Administrative Tools..Security Configuration Wizard.

In OM2007R2, we have introduced two new complex deployment scenarios we did not support in OM2007SP1.  I am going to take a few minutes here and outline the new scenarios and procedures. 

Adding Clustered RMS to an Existing Deployment

In OM2007SP1, clustering a Root Management Server (RMS) was only supported during the initial deployment of a management group.  If you were to install a clustered RMS you needed to do this as the very first thing after deploying the first management server.  If you later decided to cluster RMS (after you have deployed agents) the ManagementServerConfigTool would detect every Health Service in the management group and add them to the RMS cluster in the Operational Database.  Basically, leaving your management group in a broken state.  At this point,you would be forced to restore from backup.

In OM2007R2, we have made some changes to the ManagementServerConfigTool to support adding a new RMS cluster to an existing management group. 

Supported

What we have done here is added two new management server to the management group, setup the RMS cluster group, and ran our ManagementServerConfigTool with the “InstallCluster” switch.

Procedure:

1. Backup the OM DB
2. Setup Cluster Disk, IP and Network Name
3. Install OM R2 Management Server on all Nodes
4. Restore encryption on all nodes
5. Create cluster service resources (HS, CS, SDK) (Leave resources offline)
6. On active node, run ManagementServerConfigTool w\ “InstallCluster” switch

Note: Go here for detailed instructions on creating the RMS cluster group.

Additional Info:

A Few things to note:

• This will demote the existing RMS to a MS during the process.
• All agents and management servers reporting to the existing RMS will be redirected to the new clustered RMS. If you are planning on keeping the old RMS as a MS you should redirect all agents back . Gateway assignment will not change.
• If creating a new RMS cluster where the current RMS is x64 and the new RMS cluster will be x86. You will need to manually demote the x64 RMS. (this will be rare).  You will receive instructions from the managementserverconfitool with the command you will need to run.

Known Issues:

If your current RMS OMSDK or OMCFG account is “Local System” you will need to switch to using a domain account before proceeding with adding the RMS Cluster. 

On the new server hosting the OperationsManager database, add the correct permission for the login of the root management server on which the SDK Account is running, as follows:

1. Open Microsoft SQL Server Management Studio, and in the Object Explorer pane, navigate to Security and then expand Logins.
2. Locate the SDK Account, and add the account if it is not listed.
3. Right-click the SDK Account, and select Properties.
4. In the Login Properties dialog box, in the Select a page pane, select User Mapping.
5. In the Users mapped to this login list, in the Map column, select the box that corresponds to OperationsManager (default name).
6. In the Database role membership for: OperationsManager list, ensure that the following items are selected: configsvc_users, db_datareader, db_datawriter, db_ddladmin, and sdk_users.
7. Click OK to save your changes and to close the Login Properties dialog box.
8. Recycle RMS Health Service

Note

Before you can use discovery, you must restart the following services: System Center Data Access, System Center Management Configuration, and System Center Management Services. You might also need to restart the following services: SQL Server and SQL Server Agent.

Unsupported:

Below I have highlighted some of the most common unsupported scenarios.  If your scenario does not match the one highlighted above it is not supported.

Upgrading SQL From SQL Server 2005 to SQL Server 2008

In OM2007R2, we are supporting a new installation of OM on SQL 2008 as well as upgrading your SQL 2005 Server to SQL Server 2008.

Upgrade order:

1. Upgrade all OM DB roles to OM2007R2 (OMDB, OMDW, ACSDB, OM Reporting)
2. Backup all DB’s
3. Upgrade Operational DB to SQL 2008 with SP1
4. Upgrade OM DW to SQL 2008 with SP1
5. Upgrade ACS DB to SQL 2008 with SP1
6. Upgrade OM Reporting according to the instructions in the upgrade guide, (Note: Reporting is the only role that requires following a set of procedures)

New Tools for Reporting upgrade:

• SRSUpgradeTool.exe
• This does a basic config file restore and registry updates of SCOM Reporting’s MSI components. This tool has to run before and after SQL instance upgrade.
• SRSUpgradeHelper.msi
• This tool needs to be run after the SQL 2008 upgrade is complete and you have run the SRSUpgradeTool tool with the “postSQLUpgrade” switch

Reporting Upgrade Procedure:

1. Run the SRSUpgradeTool with the “PreSQLUpgrade” switch
1. This will basically restore the three config files we backed up during the initial installation of OM. This is necessary because SQL 2008 install detects are custom security extensions and blocks upgrade until they are removed
2. Upgrade to SQL 2008
   Note: Do not apply SP1 of SQL 2008 our tool will not run on SP1
3. Once SQL Upgrade is complete, run SRSUpgradeTool with the “PostSQLUpgrade” switch
1. This will update the registry entries for installed components of OM reporting to point to new SRS folder location
4. Run SRSUpgradeHelper.msi tool to place the OM reporting related files on new SRS folder and set the SRS configuration
5. Upgrade to SQL 2008 SP1 (Remember to apply SP1 of SQL 2008, SQL fixed some report rendering issues for us in this service pack)

Rob Kuehfus | System Center Operations Manager | Program Manager

Disclaimer:

This posting is provided "AS IS" with no warranties.
Use of included tools and reports are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Overview

• SLD 2.0 Release Notes.rtf
• Microsoft.EnterpriseServiceMonitoring.ServiceLevelDashboard.R2.mp
• Service Level Dashboard 2.0_x86.msi
• Service Level Dashboard 2.0_x64.msi
• Service Level Dashboard 2.0 for Operations Manager 2007 R2 User Guide.docx
• Supplemental License for Service Level Dashboard for OpsMgr 2007 R2.rtf

To read more about this Solution Accelerator online at TechNet click here.

Send questions or feedback to us directly at SATfdbk@microsoft.com

Get it here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1d9d709f-9628-46a8-952b-a78f5dd2bdd9

Dear Operations Manager Community,

Available by 2nd half of 2009 (late fall) - brought to you by the System Center Cross Platform team.

Provide Audit Collection Services (ACS) for Unix and Linux systems

1. Leverage OpsMgr 2007 R2 Cross Platform infrastructure to enable Unix/Linux auditing
2. Collect and aggregate audit events across enterprise systems for a singular view
3. Out of the box support for base OS audit events

Reporting – base OS auditing reports

1. Access violations - unsuccessful logon attempts
2. Account management - Account creation/deletion/password change
3. User logons
4. Administrator activity - su, sudo
5. Forensic – all events for a computer/event ID

Management Pack (to collect events)

1. Out of the box MP for each platform
2. Datasources - Syslog, su log, audit, etc.
3. Audit event collection:
1. Logons – success/failure (Ssh, telnet, rsh, tty, ftp)
2. Privilege use activity – su, sudo
3. Account activity – create/delete/password change

Platforms

1. RedHat Enterprise 4, 5
2. Novell SLES 9, 10
3. Solaris 9, 10
4. HPUX 11iv2, 11iv3
5. AIX 5.3, 6.1

Provide the infrastructure to extend enterprise auditing - potentially for things like:

1. Network devices (e.g. Firewalls, Routers, Load balancers)
2. Applications (e.g. Databases, ERP/CRM systems)
3. Leveraging standard System Center Cross Platform logfile provider (or build your own customer provider) to read events 

Delivery

1. Out of band, dependent on OpsMgr 2007 R2
2. CY 2H09

ACS reports that will come out of the box with System Center Operations Manager 2007 R2, will support Windows Server 2000, 2003, 2008 and 2008 R2.
In addition, R2 which has many new enhancement and features - and for ACS in particular, it will also include more robust creation of indexes for better query performance.
Oh, and here's the cool part - by 2nd half of 2009 - the System Center Cross Platform team will extend ACS in OpsMgr R2 to support Linux and Unix systems as well!

We have also included several new reports:

• Access_Violation_-_Account_Locked.rdl
• Policy_-_Account_Policy_Changed.rdl
• Policy_-_Audit_Policy_Changed.rdl
• Policy_-_Object_Permissions_Changed.rdl
• Policy_-_Privilege_Added_Or_Removed.rdl

Most reports have been rewritten for enhanced performance. Each report will query for relevant security events from Window Server 2000, 2003, 2008, 2008 R2 (as well as Windows XP, Vista and Windows 7) and normalize the different fields from different OS versions such that the data are presentated in a single coherent format.

Ok, but what if you are using System Center Operations Manager 2007 SP1's ACS feature and need reporting support for Windows Server 2008 today?
Well, we have taken the curtosy of providing these reports for you here* (see attachement - please do not re-distribute the reporting package).
Installation is pretty simple:

1. Rename your existing Audit Reports folder in SRS to another name (Say Old Audit Reports)
2. Copy the zip file to your local machine and unpackage it into a local folder (say C:\ACS)
3. In C:\ACS, run UploadAuditReports

UploadAuditReports {DatabaseServerAndInstance} {ReportingServiceURL} {ReportFolder}
Example (database with instance):
UploadAuditReports MyDBServer\Instance1 http://MyDbServer/ReportServer$Instance1 C:\MyReports
Example (database with no instance):
UploadAuditReports MyDBServer http://MyDbServer/ReportServer C:\MyReports

That's it!

*note: these reports have only been tested and verified for R2, but should technically work for SP1 as well

This posting is provided "AS IS" with no warranties.
Use of included tools and reports are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

From the SystemCenterCentral Administration Team 

PRESS RELEASE

We are proud to announce SystemCenterCentral.com, the site to visit for "Everything System Center".

SystemCenterCentral.com was founded by three System Center community members; Pete Zerger, Rory McCaw and Maarten Goet. SystemCenterCentral.com is a community initiative that will combine a number of existing Internet properties under a single community site and strive to become the leading community landing page for all System Center technologies.

As Microsoft continues to invest in its System Center brand, we feel that there is a need for a community site that focuses exclusively on the technologies included in this suite of products. Unlike other community sites, the motivation behind this site is to continue to give back to the community at large, one of the reasons why each of the founders have been awarded the Microsoft MVP title.

The official launch of SystemCenterCentral.com will be at the Microsoft Management Summit (MMS) in Las Vegas, NV, the week of April 27 to May 2, 2009. SystemCenterCentral.com has a dedicated community area where you can check out the site, get more information or become a member!

At this time you will find blogs, where well-known MVPs will start blogging in the coming days, a download area, a community "pack catalog" and forums. Later in May, we will be launching a wiki and a ‘community feedback' platform and other exciting features.

SystemCenterCentral.com is a strong supporter of user groups. We have the commitment of the following user groups to user SystemCenterCentral.com as the main landing page to find their user group and some of these groups will transfer their internet presence to SystemCenterCentral.com in the following weeks:

Atlanta Systems Management User Group, Microsoft Enterprise Management User Group (Denver), System Center Professional's User Group of Jax (Florida), New York System Center User Group, Portland EPG System Center User Group, Northwest System Center User Group (Seattle), Windows Management User Group (UK), System Center User Group (Netherlands), System Center User Group (Belgium), System Center User Group (Malaysia), System Center Virtual User Group and the Powershell Virtual User Group.

We would like to thank our sponsors for making this possible. Both Quest Software and Microsoft are supporting SystemCenterCentral.com as Gold Sponsors and will be active participant in this new online community. By having them as gold sponsors, we are confident this will become the go-to, online community for all things System Center..

Also, we would like to thank Bridgeways and SecureVantage, who are supporting SystemCenterCentral.com as Silver Sponsors.

Not going to MMS, but still want to check out this new System Center community site? Go to www.systemcentercentral.com now and join!

Best regards,

Peter Zerger, Rory McCaw and Maarten Goet