The first of four sessions on Operations Manager 2012 has been presented at the Tech Ed North America 2011. This session provides you with an overview of the capabilities in Operations Manager 2012.

 

microsoft · operations manager · opsmgr · Scom · sessions

I invite you to read the previous posts :

ACS Part I : Introduction & Collector Installation
ACS Part II : ACS Reports Deployment & Access

Now that your collector and reporting servers are up and running, we will enable the Forwarder service for the servers that you want to store security events in the ACS database.

1. Go to the OpsMgr Console > Monitoring > Operations Manager > Agent State.

2. Select the servers for which you want to enable the ACS forwarder and in the task pane, click on Enable Audit Collection.

3. Click on Override  and precise your ACS Collector server name in the new value field.

4. Review your configuration :

5. Click on Run and review the result :

6. To check if your forwarders are well connected to your Collector, you could go to the OpsMgr Console > Microsoft Audit Collection Services > Collector > Performance > Connected Clients.

You have now a functional ACS environment.  
The next posts will be about the ACS Reports utilization and on how to use ACS in an untrusted environment.

Christopher KEYAERT.

ACS · click · deployment · III · Reports

Previous post about ACS :

ACS Part I : Introduction & Collector Installation

Reports Deployment

Now that you have a running ACS Collector, you have to publish the ACS Reports on your SQL Reports Services server. 

1. From the Operations Manager source, copy the files and folders present in the ReportModels\ACS to temporary folder, for example: D:\ACS

2. Open a command prompt
3. Go to the folder you just created (D:\ACS)
4. Executing the following command

UploadAuditReports.cmd reportsrvfqdn http://reportsrvfqdn/ReportServer ACSFOLDER

5. Don’t take care of the two warnings

6. Start your web Brower and go to http://reportsrvfqdn/Reports

7. Click on Show Details and go to DB Audit.
8. Adapt the Connection String field to point to your ACS Database
For example:
data source= xxxx\SQLDB1;initial catalog=OperationsManagerAC;Integrated Security=SSPI

9. If you are using the same reporting for Operations Mananger and ACS, select also the option Credentials supplied by the user running the report and check Use as Windows Credentials when connection to the data source.

10. Click Apply.

Access Control List

1. Create a new Active Directory group for your Security Administrator and add them as member. (By example: SCOM2007-ACSAuditors)

2. Go to your Database server and add the group as Users for you ACS DB.

3. Grant your group as db_datareader of your ACS database.

4. Your Security Administrator could now access to the ACS Reports through the SQL Reporting Services Web Interface : http://reportsrvfqdn/Reports  > Audit Reports

The next post will be about the ACS Forwarder Configuration.
Feel free to contact in case of any remarks and/or comments.

Christopher KEYAERT

ACS · Audit Collection Services · operations manager · opsmgr · Scom