- Always create an “overrides management pack” when you import a sealed MP from a vendor. Decide on a naming convention and follow it. I like to name it mp.name(overrides) or mp.name overrides to match the default names in SCOM for monitoring and discovery.
- Create Universal AD Groups for security delegation. Universal groups can be mail enabled, meaning that you can use them for subscriptions also. In this way you can easily manage access to roles in SCOM and with the same mechanisms manage notifications. All by populating users in AD Groups.
Got this tip from “Alex De Jong”, attending one of his classes, credit goes to him (AlexdeJong.com)
- Create user roles for each management pack or service in your datacenter. Connect these roles to your ad groups created in the previous step. When you create the role, make sure you limit “Dashboards and Views” to what’s only related to the role.
Create subscriptions related to your roles. Then add your mail enabled groups as subscribers.
For conditions, select all related classes for your role in the subscription. And select “High” priority, Default nothing in SCOM is high priority, so by doing this you can choose what is critical to you by creating priority overrides.
- Create a group for each management pack, then disable the management pack for all computers but those who are members of your group. By doing this you can easily manage which computers you want to monitor “in dept”.
Go to the Authoring Pane > Management Pack Objects > Discoveries. Set your scope to your related management pack. Look for a discovery that targets a default class. Usually the Windows Server class is used. This is the initial discovery, to identify computers running a product, in this example Hyper-V, this discovery will trigger later discoveries so SCOM can learn more about the servers.
Override and disable the initial discovery for all objects off the class.
Then create a new override targeting your group, and select the “Enforced option” to make this override a priority.
By doing this you will make sure that you only have in dept monitoring of the servers you populate in your groups. Then you can delegate the task of maintaining these groups to each operator.