Microsoft Baseline Security Analyzer (MBSA) – on remote computer without a trust

In order to run Microsoft Baseline Security Analyzer (MBSA) against a remote computer with alternative credentials – such as computers in a perimeter without a trust – you have to either call MBSA from command line or connect to the remote computer using NET USE. Below are shown both alternatives:

Alternative #1 – command line

MBSACLI.EXE /target <server name> /u <username> /p <password>

 

Alternative #2 – GUI (with net use)

Launch MBSA GUI

Before the scan is started run a Command Prompt as Administrator to specify alternative credentials with NET USE and the remote computer ip-adress.

NOTE: It is important to use Run As Administrator because Microsoft Baseline Security Analyzer (MBSA) is also running as administrator!

net use \\<computer-ip> <remote-password> /user:<remote-user>

When this is done Microsoft Baseline Security Analyzer (MBSA) can start scanning the remote computer from GUI

SCOM 2007 R2 create/install databases using DBCreateWizard.exe – even remotely!

Instead of using MSI to create SCOM databases, you have the option to use DBCreateWizard.exe which can be found in the SupportTools folder. DBCreateWizard also gives the option to create the databases remotely when using command line like shown below:

OPERATIONS MANAGER DATABASE

DBCreateWizard.exe DBType:"Operations Manager Database" SQLInstance:<SQLinstance> DBName:<SQLdbName> ManagementGroup:<ManagementGroup> UserGroup:<AD_AdminGroup> DBCreate DBSize:<SQLDBsize> DBPath:<SQLdataPath> LOGPath:<SQLlogPath>

 

OPERATIONS MANAGER DATA WAREHOUSE DATABASE

DBCreateWizard.exe DBType:"Operations Manager Data Warehouse Database" SQLInstance:<SQLinstance> DBName:<SQLdbName> DBCreate DBSize:<SQLDBsize> DBPath:<SQLdataPath> LOGPath:<SQLlogPath>

DBCreateWizard.exe creates a log file starting with dbCreateWiz in the temp folder.

If DBCreateWizard.exe is started without command line parameters the GUI will show.
NOTE: It is not possible to create databases remote from the GUI!

SCOM 2007 R2 command line install

To install System Center Operations Manager from command line use the parameters highlighted below:

DATABASE

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMDB USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> SQLSVR_INSTANCE=<SqlServerInstance> DB_SIZE=<SqlDBsize> ADMIN_ROLE_GROUP=<ADadminRoleGroup> DATA_DIR=<SqlDBdataDir> LOG_DIR=<SqlDBlogDir>

 

MANAGEMENT SERVER (RMS or MS)

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMServer USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> MOM_DB_SERVER=<SqlServerInstance> ACTIONS_USE_COMPUTER_ACCOUNT=0 ACTIONSUSER=<AccountActionUser> ACTIONSDOMAIN=<DomainActionUser> ACTIONSPASSWORD=<PasswordActionUser> SDK_USE_COMPUTER_ACCOUNT=0 SDK_ACCOUNT=<AccountSDK> SDK_DOMAIN=<DomainSDK> SDK_PASSWORD=<PasswordSDK>

 

CONSOLE (UI)

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMUI USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> ROOT_MANAGEMENT_SERVER_DNS=<FQDN_RMS>

 

WEBCONSOLE 

msiexec.exe /i <FilePathMOMmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMWebConsole WEB_CONSOLE_AUTH_TYPE=<0:Windows Authentication | 1:Form based authentication> ROOT_MANAGEMENT_SERVER_DNS=<FQDN_RMS>

 

AGENT

msiexec.exe /i <FilePathMOMagentmsi> /qn /l*v <FilePathLog> USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<MgmtGroup> MANAGEMENT_SERVER_DNS=<FQDN_MS> ACTIONS_USE_COMPUTER_ACCOUNT=0 ACTIONSUSER=<AccountActionUser> ACTIONSDOMAIN=<DomainActionUser> ACTIONSPASSWORD=<PasswordActionUser>

 

DATAWAREHOUSE (REPORTING DATABASE)

msiexec.exe /i <FilePathReportingmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMREPORTINGDB SQLSVR_INSTANCE=<SqlServerInstance> MOMREPORTINGDBNAME=<DBname> DB_SIZE=<SqlDBsize>

 

REPORTING SERVER

msiexec.exe /i <FilePathReportingmsi> /qn /l*v <FilePathLog> ADDLOCAL=MOMREPORTING SQLSVR_INSTANCE=<SqlServerInstance> MOMREPORTINGDBNAME=<DBname> MGSERVER=<ManagementServer> PREREQ_COMPLETED=1 REPORT_SERVER_FULL_HTTP_PATH="http://%COMPUTERNAME%:80/ReportServer$INSTANCE1" DATAREADER_USER=<AccountDataReader> DATAREADER_DOMAIN=<DomainDataReader> DATAREADER_PASSWORD=<PasswordDataReader>

 

WordPress Roles and Capabilities – list

WordPress contains the roles Administrator, Editor, Author and Contributor which gives the following capabilities:

Administrator
■ activate_plugins
■ add_users
■ create_users
■ delete_others_pages
■ delete_others_posts
■ delete_pages
■ delete_plugins
■ delete_posts
■ delete_private_pages
■ delete_private_posts
■ delete_published_pages
■ delete_published_posts
■ delete_themes
■ delete_users
■ edit_dashboard
■ edit_files
■ edit_others_pages
■ edit_others_posts
■ edit_pages
■ edit_plugins
■ edit_posts
■ edit_private_pages
■ edit_private_posts
■ edit_published_pages
■ edit_published_posts
■ edit_theme_options
■ edit_themes
■ edit_users
■ export
■ import
■ install_plugins
■ install_themes
■ list_users
■ manage_categories
■ manage_links
■ manage_options
■ moderate_comments
■ promote_users
■ publish_pages
■ publish_posts
■ read_private_pages
■ read_private_posts
■ read
■ remove_users
■ switch_themes
■ unfiltered_html
■ unfiltered_upload
■ update_core
■ update_plugins
■ update_themes
■ upload_files

Editor
■ delete_others_pages
■ delete_others_posts
■ delete_pages
■ delete_posts
■ delete_private_pages
■ delete_private_posts
■ delete_published_pages
■ delete_published_posts
■ edit_others_pages
■ edit_others_posts
■ edit_pages
■ edit_posts
■ edit_private_pages
■ edit_private_posts
■ edit_published_pages
■ edit_published_posts
■ manage_categories
■ manage_links
■ moderate_comments
■ publish_pages
■ publish_posts
■ read
■ read_private_pages
■ read_private_posts
■ unfiltered_html
■ upload_files

Author
■ delete_posts
■ delete_published_posts
■ edit_posts
■ edit_published_posts
■ publish_posts
■ read
■ upload_files

Contributor
■ delete_posts
■ edit_posts
■ read

For more further details see WordPress Codex here.

SCOM 2007 R2 Agent could not connect to Management Server (Event 21006)

After installing agent event 21006 is shown in EventLog:

Log Name:      Operations Manager
Source:        OpsMgr Connector
Date:          16-12-2010 14:13:56
Event ID:      21006
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SCOM.domain.local
Description:   The OpsMgr Connector could not connect to  SCOM.domain.local :5723.
               The error code is 11004L(The requested name is valid, but no data
               of the requested type was found.).  Please verify there is network
               connectivity, the server is running and has registered it's
               listening port, and there are no firewalls blocking traffic to
               the destination.

This is because the agent is unable to connect to Management Server. When connection fails no data will be sent to the Management Server, and typically no errors indicating connection failed will show up at the Management Server event log.

Verify agent can resolve Management Server adress and no extra characters(space) are present in the name specified during Agent installation.

In the picture above the agent is trying to connect to a Management Server which has a space before and after the FQDN. The extra spaces are easily overlooked in Event Properties.