How to Audit and Alert Server Restarts with SCOM 2019 (2012/16)

No comments

How to Audit and Alert Server Restarts with SCOM 2019 (2012/16)


Often IT admins suffer from small to big outages due to unscheduled patches, failures, power, or someone mistakenly restarting a server in the middle of the workday without notifying anyone. I've created this "How to Guide" to help you set up this in your SCOM environment.

  1. On your SCOM Console, navigate to authoring and create a new Rule

  1. Fill in the Rule Name and Description, select Rule Category (Alert), rule Target (Windows Computer) and make sure Rule is enabled is checked.

  1. Event Log Type System

  1. Build Event Expression insert Event ID and Source

  1. Insert values where Event ID = 1074 and Event Source = User32.

  1. Set Alert Priority and Severity to fit your needs then Finish and Close

  1. Overview of your recently configured rule on the Squared Up HTML5 Console




That's it, you will now start tracking those restarts. 

Thanks for reading, please share and subscribe.

No comments :

Post a Comment