Tip

Working securely with Microsoft Operations Manager

Microsoft Operations Manager, or MOM for short, is one of the most powerful tools you can use to get an overview of how all of your servers are doing in one glance. Aside from analyzing performance and handling certain administrative functions, MOM handles some security-related functions as well. What often goes unexamined, though, is not the security settings for each system analyzed by MOM, but the security of MOM itself and the security of its connections to the servers you're managing with it.

There are several things you can do to enhance MOM's security:

Run the program in a different user context. MOM can run under the Local System account (the default for services) or under the Network Service account, where it has lowered privileges. Running with lowered privileges makes the service harder to exploit.

Use MOM's scopes of operation to control which administrators can manage which computers. This reduces the chance of admins accidentally making changes on a machine they don't have responsibility or authority over -- which can be just as destructive as a malicious change.

Examine MOM's task auditing logs. MOM has task auditing enabled by default, so all tasks that run on MOM are recorded and can be read back if you're wondering what actions have indeed taken place or what might be going on that's not coming to your immediate attention.

Decide whether or not you need to use MOM agents. Agents in MOM -- the software installed on the servers themselves to monitor and report back to MOM -- are optional, not mandatory. If you choose not to use agents, you get far fewer management features, and the amount of network traffic going to and from the server goes up a bit. But if you can't deploy agents to each server or are worried about the possibility of agents being compromised (unlikely as it is), you can work without them. That said, agents are quite secure -- they're designed only to talk to MOM and to encrypt all the information they send.

Turn off agent proxying. Agent proxying is a feature in MOM that lets agents forward information on behalf of another computer, but it's possible that it could be used as a way to allow malicious software to send incorrect data to the MOM server. If you disable agent proxying, you must enable mutual authentication for agents. But that's something you'll probably want to do anyway.

Don't harden the server with third-party tools. Using a third-party tool to harden the MOM server can have unexpected consequences. If you run the IIS Lockdown Wizard, for instance, it'll disable critical components (like ASP.NET) that make MOM's Web-based admin console unusable. It's OK to audit the server's security settings, but apply any advice thus given only after making sure it won't send MOM into a spindizzy.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This was first published in December 2005
