By Mark Burnett
Systems Management Server (SMS) and Microsoft Operations Manger (MOM) have long been great tools for managing a large Windows infrastructure, but I have noticed that as networks get more complex, basic security best practices are the first to suffer.
With Systems Center Operations Manager 2007, security is so pervasive that it becomes a natural part of the process rather than a burdensome add-on. I recently watched a TechNet webcast by John Baker, and IT Pro Evangelist at Microsoft, that goes into great detail on these new security features. You can view the webcast, Security and Enterprise Features of System Center Operations Manager 2007.
The first of the new System Center Operations Manager 2007 security features covered in the webcast is role-based security. As the webcast explains, roles are a combination of profile and scope, both of which you can define down to an amazing level of granularity. John walks through these capabilities with a series of Operations Manager demonstrations.
Another huge improvement with System Center Operations Manager 2007 is the improvement of RunAs execution. Multiple RunAs commands, accessible only to administrators, only provide access to specific rules, tasks, and monitors and allows for a low-privileged account to gather events and performance counters. This also overcomes the problem of multiple management packs sharing the same identity.
Another big improvement John covers in the webcast is the enhanced Active Directory integration. This enables zero configuration agent provisioning, AD-based agent assignments, and automated deployment.
The webcast goes into so much detail about the new security features in System Center Operations Manager 2007, I would highly recommend viewing the webcast before doing any large scale deployment of the product on your network, especially if you manage a large or complex Windows-based infrastructure.
Security and Enterprise Features of System Center Operations Manager 2007