Scott Moss at myITforum.com

The next System Center Virtual User group meeting #5 will be March 19th, 12 noon central time. We have a good mix of SCCM, DCM, Powershell and OpsMgr 2007, on with the agenda!

Agenda (Central Time Zone)

Registration

We have an excellent line up for this meeting so join us by registering here.

Presenter Bios

Jason Sandys a Senior Consultant at Catapult Systems, has over 10 years of experience in development and systems management. Jason concentrates on implementing and supporting Microsoft-centric solutions for a wide variety of customers, focusing primarily on Configuration Manager and Operations Manager. Jason is a contributing author to System Center Configuration Manager 2007 Unleashed.
Jason's blog http://myitforum.com/cs2/blogs/jsandys/
Tiny URL for the book on Amazon’s site - http://tinyurl.com/5gtlkg
The ConfigMgr Unleashed blog is at http://configmgr.spaces.live.com/

Harold Dyck with over twenty years in IT, is a thought leader in the Microsoft tools market. After attending Queen's University in Ontario, Canada, Harold spent several years at IBM then moved on to work as a pre-sales engineer at Microsoft. After several years of progressive success with Microsoft, he moved on to become the founder of MessageWise, a provider of enterprise management software solutions, which he subsequently sold to Quest Software (Nasdaq: QSFT) in 2000. Following the sale of MessageWise, Dyck was Entrepreneur-in-Residence (EIR) at Venture Coaches, where he reviewed and assessed investment opportunities in a range of technology startups. In 2003, Harold joined forces with Paul Chehowski and Randy Roffey to found Silect Software. Today, he serves as the company's President and CEO leading its business and execution strategy. http://www.silect.com/

Marco Shaw has been working in the IT industry for over 10 years. Marco runs the Virtual PowerShell User Group, and is one of the Community Directors of the PowerShell Community site  http://www.powershellcommunity.org. Marco recently received the Microsoft MVP Award for the second year in a row (2008/2009) for contributions to the Windows PowerShell Community. Marco holds several certifications ITIL, RHCE, LCP, and a MCP. Some of his recent authoring activities have included writing PowerShell content for Windows Server 2008 Administrator's Companion (Microsoft Press, 2008), a PowerShell related article on System Center Operations Manager 2007 (Microsoft TechNet Magazine, 2008), providing PowerShell content for Microsoft SQL Server 2008 Management and Administration (Sams, 2008), and has co-authored Windows PowerShell Unleashed, 2nd edition (Sams, 2008). Marco's blog: http://marcoshaw.blogspot.com

Kevin Holman is a Senior Premier Field Engineer with Microsoft supporting System Center Operations Manager for large enterprises.  He has been with Microsoft for 3 years and has been involved with large scale deployments of MOM 2005 and OpsMgr 2007, out of the Las Colinas, TX office.  Kevin has been in the technology industry for 14 years, previously as a Platforms Engineer for EDS.  He is active in the OpsMgr community, and maintains an OpsMgr blog, at http://blogs.technet.com/kevinholman/.  He currently lives in Plano, TX.

PC Audio only

Audio will only be available through Live Meeting.

Thank you for the continued support!

Scott Moss

VP - Southeast Management User Group (SMUG)
Virtual Gopher - System Center Virtual User Group

How would one manage two different management groups from one PowerShell console? This is when you would need to use the two cmdlets New-ManagementGroupConnection and Set-Location.  You have two different management groups, PROD and TEST. You open your PowerShell console, and it opens to PROD, but you want to work with the TEST management Group, do the following:

PS Monitoring:\PRODRMS
>new-managementgroupconnection TESTRMS
PS Monitoring:\PRODRMS
>set-location monitoring:\TESTRMS
PS Monitoring:\TESTRMS
>

Your now connected to the TESTRMS. Now to switch back to the PRODRMS do the following: set-location monitoring:\PRODRMS

PS Monitoring:\TESTRMS
>set-location monitoring:\PRODRMS
PS Monitoring:\PRODRMS
>

Your now connected to the PRODRMS.

If you downloaded the QFE update yesterday, trash it. Microsoft is in the process updating the QFE hotfix for OpsMgr 2007 that was released for the IIS MP. I'll update with a new post when the updated QFE hotfix has been released.

Prior to installing this IIS MP deploy this QFE update to the RMS, Management Servers, Gateway Servers, and manually installed agents.  QFE UPDATE

Windows Server Internet Information Services for System Center Operations Manager 2007 ver 6.0.6539.0

I could comment on how long some companies have been waiting on this to be released, but..

Looking forward to playing with this in the lab.

Windows Client 2000/XP/Vista Operating System Management Pack for Operations Manager 2007 

Overview

The Windows Client Monitoring Management Pack is built to detects, diagnose, and resolve hardware and software problems pertaining to Client 2000, XP, and Vista operating systems. Information and analysis on the issues that the system detected are collected by the MPs through an agent on the client machine, and sent to OpsMgr where this data is converted into health state, alerts (if need be) and processed for business critical and aggregate reports. The MP gives a clear picture of catastrophic failures in your mission critical machines, trend-based alerts of significant changes to computer groups, in-depth views of health of individual machines, and reports that provide a landscape view of the health of all monitored clients.
Feature Summary

• Key Processor Performance Indicators
• Logical and Physical disk performance and free space
• Memory utilization
• Network health
• Health monitoring of key Windows Operating System services
• Comprehensive performance collections
• Availability and event reports

• 3/23/2007 - Original release of the English version of Client 2000/XP management packs, version 6.0.5000.0
• 5/11/2007 - Original release of the English version of Vista management pack, version 1.0
• 1/15/2008 - Guide update of Client 2000/XP management packs, version 6.0.5000.0
• 2/22/2008 - Updated release of Client 2000/XP management packs, version 6.0.6278.0
• 5/27/2008 - Release onto Microsoft Download Center of Client 2000/XP management packs, version 6.0.6278.0
• 2/16/2009 - Update release that includes business Critical monitoring for Vista and bug fixes for performance and aggregate monitoring, version 6.0.6520.0

This MP has both windows 2003 and windows 2008 clusters covered.

http://www.microsoft.com/downloads/details.aspx?FamilyId=AC7F42F5-33E9-453D-A923-171C8E1E8E55&displaylang=en&displaylang=en

Overview

Here are some more handy powershell one liners that will get a count, a report or resolve alerts that were generated by rules in their various Severity states, informational, warning, and critical. The final one liner closes all alerts generated by rules.

Get a count of informational alerts created by a rule
-------------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''0'' AND IsMonitorAlert = ''False''').count

Report listing of Informational Alerts created by a rule
----------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''0'' AND IsMonitorAlert = ''False'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

Resolve-Alerts that are created by a rule on infrmational alerts
-----------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''0'' AND IsMonitorAlert = ''False'''| resolve-alert -comment "CLOSE informational Alerts created by Rules" | out-null

Get a count of Warning alerts created by a rule
------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''1'' AND IsMonitorAlert = ''False''').count

Report listing of Warning Alerts created by a rule
--------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''1'' AND IsMonitorAlert = ''False'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

Resolve-Alerts that are created by a rule on Warning alerts
------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''1'' AND IsMonitorAlert = ''False'''| resolve-alert -comment "CLOSE Warning Alerts created by Rules" | out-null

Get a count of Critical alerts created by a rule
-------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2'' AND IsMonitorAlert = ''False''').count

Report listing of Critical Alerts created by a rule
----------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2'' AND IsMonitorAlert = ''False'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

Resolve-Alerts that are created by a rule on Critical alerts
-------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2'' AND IsMonitorAlert = ''False'''| resolve-alert -comment "CLOSE Critical Alerts created by Rules" | out-null

Resolve all Alerts that are created by a rule
----------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''False'''| resolve-alert -comment "CLOSE ALL Alerts created by Rules" | out-null

The following are examples I demonstrated to show how easy and powerful PowerShell is to use with Operations Manager 2007.

Powershell House Keeping:
=========================
Update-Gac.ps1 only has to be run once per machine.

Speeding Up Powershell Startup - Update-Gac.ps1

Powershell's execution Policy is Restricted by Default. The setting that will allow scripts to run is Unrestricted.

To set the execution policy to unrestricted:
--------------------------------------------
Set-ExecutionPolicy unrestricted

To set the execution policy back to restricted:
-----------------------------------------------
Set-ExecutionPolicy Restricted

To check the current execution policy:
---------------------------------------
Get-ExecutionPolicy

Get-Agent Examples:
===================

To get the properties you can play with in Powershell use the GM -membertype property
--------------------------------------------------------------------------------------
get-agent | get-member -membertype property

Get a list of agents and their current health state:
-----------------------------------------------------
get-agent | sort-object computername | select-object computername, Healthstate | format-table -auto

Display proxy settings for all agents:
----------------------------------------
get-agent | ft name,proxyingenabled

Check the proxying on servers with SCCM in the name:
----------------------------------------------------
get-agent | where {$_.computerName -match 'SCCM'} | ft name,proxyingenabled

to set the proxying enabled on servers with the SCCM in the name is a small three lined operation (Brian Wrens Blog):
--------------------------------------------------------------------------------------

$agents = get-agent | where {$_.computerName -match 'SCCM'}
$agents | foreach {$_.ProxyingEnabled = $true}
$agents | foreach {$_.ApplyChanges()}

To get a list of computers that report to this management server
-----------------------------------------------------------------
get-agent | ft *displayname

To get a list of agent managed machines and their IP Address associated with the specified management server
--------------------------------------------------------------------------------------------------------------
get-agent | ft displayname, IPAddress

To get the computer name and who installed that agent on a computer with the ip address of "1.1.1.1"
-----------------------------------------------------------------------------------------------------
get-agent | where-object {$_.IPAddress -eq "1.1.1.1"} | format-list -property, displayname, InstalledBy

To get a list of computers whose names start with "EX*" associated with the specified management server:
---------------------------------------------------------------------------------------------------------
get-agent | where-object {$_.DisplayName -like "EX*"} | format-list -property, displayname

Get-ManagementPack and Export-ManagementPack
=============================================

Export all management packs in a management group:
---------------------------------------------------
get-managementPack | export-managementPack -path D:\MPDUMP\

Important Note about SCOM get data cmdlets:
===========================================

**Criteria Is Case Sensitive with all the get data SCOM cmdlets like Get-Alert, Get-Event, Get-PerformanceCounter, Get-PerformanceCounterValue!!

Notice the case used with the criteria below:
>(get-alert -criteria 'SeveritY = ''0''').count
Get-Alert : A property name in the 'Criteria' parameter is unknown.
At line:1 char:11
+ (get-alert  <<<< -criteria 'SeveritY = ''0''').count
PS Monitoring:\SCOMRMS001
>(get-alert -criteria 'Severity = ''0''').count
8627
PS Monitoring:\SCOMRMS001

**Using criteria with SCOM get data cmdlets applies the filter on the back end and will not use local resources. The where-object cmdlet will use local resources, so try not to use it.

GET-ALERT Examples:
===================

To get the properties you can play with in powershell using the Get-Alert cmdlet use the GM -membertype property
----------------------------------------------------------------------------------------------------------------------------------------------------
get-alert | get-member -membertype property

To show all alerts for Computer NOCDC01
----------------------------------------------------
get-alert -criteria 'NetbiosComputerName = ''NOCDC01'''

That showed too many alerts so let’s pipe the output to the export-csv cmdlet.
-------------------------------------------------------------------------------------------------------
get-alert -criteria 'NetbiosComputerName = ''NOCDC01'''| export-csv c:\alert.csv

To show all Resolved alerts for computer NOCDC01
----------------------------------------------------------------
get-alert -criteria 'NetbiosComputerName = ''NOCDC01'' AND ResolutionState = ''255'''

Quick counts of alerts and alert types:
====================================

count of all Informational alerts
----------------------------------------
(get-alert -criteria 'Severity = ''0''').count

count of all Warning alerts
----------------------------
(get-alert -criteria 'Severity = ''1''').count

To get a count of all Critical alerts
--------------------------------------
(get-alert -criteria 'Severity = ''2''').count

To get a count of all new alerts:
------------------------------------------
(get-alert -criteria 'ResolutionState = ''0''').count

To get a count of all new information alerts
-------------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''0''').count

To get a count of all new Warning Alerts:
-----------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''1''').count

To get a count of all new Critical Alerts:
-----------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2''').count

A few examples of string wild card with Get-Alert
==================================================

Get a count of all alerts whose names start with AD.
------------------------------------------------------------------
get-alert -criteria 'Name Like ''AD%''' | measure-object

Get a count of how many alert names that have the string SQL in them.
-------------------------------------------------------------------------------------------
get-alert -criteria 'Name Like ''%SQL%'''| measure-object

Get open alerts whose alert names start with Agent proxying:
-------------------------------------------------------------------------------
get-alert -criteria 'Name Like ''Agent proxying%'' AND ResolutionState = ''0'''
or
get-alert -criteria 'Name Like ''Script%'' AND ResolutionState = ''0'''
or
(get-alert -criteria 'Name Like ''Script%'' AND ResolutionState = ''0''').count

Useful one liners if you use the SCCM and SQL MPS:
===================================================

Get a count of Alerts whose name is Auto Close Flag
------------------------------------------------------------------
(get-alert -criteria 'Name = ''Auto Close Flag''').count

Get a list of netbios computer names that have alerts named Auto Close Flag and get the name of the database that has that property enabled.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
get-alert -criteria 'Name = ''Auto Close Flag''' | ft -property Netbioscomputername, Monitoringobjectname

Get a list of netbios computer names that have alerts named Auto Shrink Flag and get the name of the database that has that property enabled.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
get-alert -criteria 'Name = ''Auto Shrink Flag''' | ft -property Netbios

Other Folks get-alert one liners:

Pete Zeger's Operations Manager 2007 Top Alerts Report

http://www.systemcenterforum.org/powershell-tip-operations-manager-2007-top-alerts-report-part-1/
--------------------------------------------------------------------------------------------------

get-alert | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

walk thru of the one-liner:
Get-alert - Returns all alerts

Group-object - Returns the list with a count of the number of times the alert by a particular name occurs

Sort - To sort the list of alerts in descending order by count.

Select-Object - Allows us to remove the group column that obscures the display of the full alert name AND allows us to use the -first parameter to return only the top X alerts (top 5 in our example).

Format-table - with the -auto flag to left justify and remove the unnecessary space.

Keep in mind that the above one liner is for all alerts, both new and resolved.
So I modified Pete’s one liner to include only new alerts in the ‘report’.
To get a report of Top New Alerts just add the Get-Alert criteria for Resolutionstate = 0 like below:

Operations Manager 2007 Top Open Alerts Report:
----------------------------------------------------------------
get-alert -criteria ‘ResolutionState = ”0”’ | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

Then to get the top closed alerts (change the criteria for resolution state to 255):
---------------------------------------------------------------------------------------------------------
get-alert -criteria `ResolutionState = "255"' | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

Top 5 computers with new alerts.
-------------------------------------------
get-alert -criteria 'ResolutionState = ''0''' | Group-Object PrincipalName |Sort -desc Count | select-Object -first 5 Count, Name | Format-table -auto

Top 5 computers with resolved alerts:
------------------------------------------------
get-alert -criteria 'ResolutionState = ''255''' | Group-Object PrincipalName |Sort -desc Count | select-Object -first 5 Count, Name | Format-table -auto

Get top 5 new critical alerts by count:
-------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2''' | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

what alerts are open and created by a monitor
------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''True'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

what alerts are open and created by a rule
------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''False'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

Get alert information and slap it into a csv file:
------------------------------------------------------------
get-alert  | select-object NetbiosComputerName, Description, Severity | Export-Csv -path “c:\alerts.csv“

RESOLVE-ALERT:
===============

using get-alerts cmdlet you can pipe specific alerts to the resolve-alerts cmdlet, and set options to close the alerts with:
----------------------------------------------------------------------------------------------------------------------------------------------------------
get-alert -criteria 'LastModified >= ''4/6/2008'' AND ResolutionState = ''0'' AND Category = ''Alert'''| resolve-alert -comment "Chuck Norris resolved these alerts with his fists of fury!!!!" | out-null

Close all open alerts that were generated by a Rule:
------------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''False'''| resolve-alert -comment "Closing rule generated alerts" | out-null

Close all open alerts that were generated by a monitor:
-----------------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''True'''| resolve-alert -comment "Closing Monitor generated alerts" | out-null

Reset health for a monitor called "Manual monitor" on all objects of the class "Contoso.MyCustomClass" currently in an Error state (Brian Wrens Blog)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
$mon = get-monitor | where {$_.displayName -eq 'Manual monitor'}
$mc = get-monitoringClass -name Contoso.MyCustomClass
$mc | get-monitoringObject | where {$_.HealthState -eq 'Error'} | foreach {$_.ResetMonitoringState($mon)}

GetMonitorThresholds script can be downloaded from Brian Wrens Blog):
---------------------------------------------------------------------------------------------
getmonitorthresholds.ps1 | where {$_.target -match 'sql'}

Resources:
===========

SCOM Blogs

Pete Zerger MVP Blog: http://www.systemcenterforum.org/

Jeremy D. Pavleck MVP Blog: http://pavleck.net/

Brian Wren MS Blog: http://blogs.technet.com/brainwren/default.aspx

System Center Operations Manager Command Shell Blog: http://blogs.msdn.com/scshell/

Powershell Blogs:

Marco Shaw MVP Blog: http://marcoshaw.blogspot.com

The Microsoft news group: microsoft.public.opsmgr.powershell

http://powershellcommunity.org/

http://powerscripting.wordpress.com/ podcast of what is going on in the world of powershell.

This is an Operations Manager 2007 MP Quality Survey. Its pretty quick and painless, and the feedback from the user community is needed. Pete Zerger put this together.

http://www.systemcenterforum.org/news/your-feedback-requested-operations-manager-2007-management-pack-quality-survey/

Thank you