Using OpsMgr to Detect SMB (Shared Folders) Connections to Windows Computers

I wrote this simple management pack couple of weeks ago to detect new SMB (Shared Folders) connection as well as disconnection events on OpsMgr agents. The MP contains two (2) WMI event rules, one for new connection event and one for disconnection event. Each rule generates a Informational alert: New Connection alert: Disconnection Alert: I’ve used the Microsoft.Windows.WmiEventProvider.EventProvider module as the data source module for both rules. The WMI queries used for these rules are: New Connection Rule:   Disconnection Rule: Both rules are disabled by default, you will need to enable them via overrides: I left this running on

Continue reading
%d bloggers like this: