SCOM Management Pack: Detecting USB Storage Device Connect and Disconnect Events

There was a requirement at work that people need to be notified when a USB storage device (USB key or portable USB hard disks) is connected or disconnected from SCOM monitored Windows computers. So I wrote a 2 very simple alert generating rules to detect USB Mass Storage Device creation and deletion WMI event. I set both rules to run every 60 seconds so within 60 seconds of the event, an Information alert is generated in SCOM: Alert for USB Storage Device Connection Event: Alert for USB Storage Device Removal Event: I have also created a dynamic group called Virtual

%d bloggers like this: