cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Server Configuration Manager 1.1 is Now Available! Who Made the Change?

Product Manager

I'm very excited to announce that SolarWinds Server Configuration Monitor (SCM)​ 1.1 is now available for download! This release expands on SCM 1.0 capabilities, both giving more detail for each change detected, and adding a new data source that can be analyzed for changes:

  • Detect “Who made the change” for files and registry
  • Detect changes in near real-time
  • Deploy PowerShell scripts and track changes in the output (with links to additional example scripts)
  • Set baselines for multiple nodes at once

Who made the change? In near real-time

SCM 1.0 is good at detecting changes in your Windows files and registry, but it didn't tell you who made the change, leaving you to do some additional investigative work. SCM 1.1 adds "who made the change" by leveraging our File Integrity Monitoring (FIM) technology, which also detects changes in near real-time -- a double benefit. Near real-time allows us to catch changes almost as they happen, and gives us a separate record for each change, even if changes are happening in rapid succession.

Turning on "Who made the change"

After you install or upgrade to SCM 1.1, you can easily turn on the "Who Made the Change" feature for the servers you want to monitor via a wizard:

  • From the "Server Configuration Summary -> What's New Resource," click the Set Up "Who Made the Change" Detection button
  • From the "All Settings -> Server Configuration Monitor Settings -> Polling Settings Tab," click the Set Up Who Detection button

Either way, it starts the "Who Made the Change" wizard.

The first step tells you about what happens when you turn on "Who Made the Change" detection:

The second step allows you to define the server exclusion list and turn on the feature:

Once you press Enable Who Detection, SCM will push out FIM driver to the agent(s) and turn it on, so file and registry changes will be monitored in near real-time rather than polled once a minute as in SCM 1.0. You can always come back and change the exclusion list or turn off "Who Made the Change" later.

Where to see "Who made the change"

You can see who made the change (user and domain) in a number of places, represented by the person icon.

  • SCM Summary: Recent Configuration Changes resource
  • Node Summary: Configuration Details and Recent Configuration Changes resources
  • Node: Content comparison, note the time I added to the file matches the time SCM shows the file changed.

Alerting

When building an alert, you can filter on "Who made the change" and add it to the text of your alert.

Reporting

The out-of-the-box SCM report includes "Who made the change" data.

Deploy and monitor the output of PowerShell scripts

Everyone's environment is different, and SCM could never monitor everything you want to "out-of-the-box." So, we added the ability to deploy and execute PowerShell scripts and compare the output over time. Now, configuration monitoring is only limited by your imagination and scripting super powers.

Adding a new script

I created a new Profile for this test, but you can add scripts to your current Profiles too.

First, create a new Profile and click Add to add a new element.

To add a PowerShell script configuration element:

  1. Choose PowerShell script as your Element type.
  2. Paste your script into the box.
  3. Click Add to add the element to the profile, then add again to save the profile.

Deploy and enjoy!

Once your new (or modified Profile) is ready, you can deploy it to one or more agents. From Server Configuration Monitor Settings > Manage Profiles, select the profile and click assign, then pick the servers you want, and walk through the wizard. SCM will deploy the scripts and start executing them on schedule.

Comparing the output

Comparing the output of the script over time works like any other source (file, registry, asset info) in SCM. You can set baselines and see changes in the content comparison. As you can see, the entire output of the script is captured and stored.

Mix and match elements in profiles

Don't forget -- one of the great things about SCM is you can mix and match elements in a single profile. Mix and match registry setting, multiple files, and PowerShell scripts into a single profile to monitor interesting aspects of your configurations.

Check Out Some Cool PowerShell Examples by Kevin

SolarWinds' own Technical Community Manager KMSigma put together some awesome examples of what SCM can do: Manage and Monitor PowerShell Scripts

Keep a lookout in our SCM forums for more PowerShell script examples in the future, and feel free to post your scripts too.

Set/Reset baselines for multiple nodes at once

Our early customers in large environments were limited to setting/resetting baselines one node at time, which was very painful when the dozens or hundreds of servers were updated (like a Windows update), so we addressed it quickly in this release. Now from the Server Configuration Monitor Settings screen, you can pick multiple servers, see a quick summary of the number of baselines you'll be updating, and then reset the baselines to the current output -- easy as 1-2-3.

What's next?

Don't forget to read the SCM 1.1 Release Notes to see all the goodness now available.

If you don't see the features you've been waiting for, check out the What We're Working on for SCM post for a list of features our dedicated team of configuration nerds and code jockeys are already researching. If you don't see everything you've been wishing for, add it to the Server Configuration Monitor (SCM) Feature Requests.

3 Comments
Level 12

Can wait to see what the community puts out there in regards to sharing profiles and what they have created.....good stuff!!!!

Level 12

Any suggestions on why a handful of machines are showing this?

Error occured at Aug 14, 2019 7:55 AM while polling powershell script element:Local Admin

Configuration profileLocal Admin Changes

Details

Execution of PowerShell script failed. > PowerShell: 4.0; .NET Framework: 4.7.1(461310); OS: 6.3.9600; ERROR MESSAGE: Get-LocalGroupMember : The term 'Get-LocalGroupMember' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Get-LocalGroupMember -Group Administrators | Where-Object { $_.PrincipalSource - ... + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Get-LocalGroupMember:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

Product Manager
Product Manager

Are you able to remote desktop to that machine and run that script without error?   What version of Windows are those servers?

About the Author
Ok, so I have been a geek for a long time, went to UT finally ended up at a startup, Tek-Tools where we built a monitoring and reporting product for Servers, Backups, Storage and Applications. In Jan 2010, Solarwinds bought Tek-Tools, and I was added to the PM team. When my mind actually wonders from making our products better, I am generally spending time with my family, reading, watching sports, arguing politics or tinkering with stuff (it can always be made better), with the occasional camping trip thrown in for good measure.