Log an Event when an Advertisement with a Mandatory Assignment is Modified

One of our clients needed to be alerted when an advertisement with a mandatory assignment was modified.  They needed to make sure that no advertisement targeted systems during business hours.  A solution was developed where an event is logged in the application log if an advertisement with a mandatory assignment is modified.  The event description contains advertisement, collection and the start time of the scheduled assignment.  The event can be then watched by System Center Operations Manager to alert the appropriate group.

The solution is based on creating a status filter rule that runs a program.  The rule watches for message ID 30007, which is the message ID for the status message that gets created when an advertisement is modified.

For action, the rule runs a VB script that we developed.

The key for this to work is that the status filter rule passes to the script the advertisement ID.  This is done by passing one argument to the script: %msgdesc

The script uses the advertisement ID to query the SCCM database and determine if it has a mandatory assignment.  If it does, then an event is logged with a description that includes the following:

  • User who modified the advertisement
  • Advertisement ID
  • Advertisement Name
  • SCCM Program referenced by the advertisement
  • Collection ID being targeted
  • Collection name
  • Start time of scheduled assignment (if there is one)

System Center Operations Manager can then monitor the site server for this specific event and take appropriate action.



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.