Using OpsMgr to Detect SMB (Shared Folders) Connections to Windows Computers

I wrote this simple management pack a couple of weeks ago to detect new SMB (Shared Folders) connection events, as well as disconnection events, on OpsMgr agents. The MP contains two (2) WMI event rules: one for the new connection event and one for the disconnection event. Each rule generates an Informational alert: a New Connection alert and a Disconnection alert.

I've used the Microsoft.Windows.WmiEventProvider.EventProvider module as the data source module for both rules. The WMI queries used for these rules are:

New Connection Rule:

[sourcecode language="SQL"]
Select * from __InstanceCreationEvent within 1 where TargetInstance ISA 'Win32_ServerConnection' and TargetInstance.ShareName != 'IPC$'
[/sourcecode]

Disconnection Rule:

[sourcecode language="SQL"]
Select
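The New Connection query above can be checked on a single computer before it is put into a rule. The following PowerShell is an added example, not part of the management pack or the original post; the source identifier `SmbNewConnection` is a hypothetical name, and an elevated session on the monitored computer is assumed.

```powershell
# Added example: subscribe to the same WQL event query the New Connection
# rule uses and print each new SMB session as it is reported.
# Assumption: run from an elevated PowerShell session on the computer to watch.

# Single-quoted here-string so that 'IPC$' is passed through literally.
$query = @'
SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_ServerConnection' AND TargetInstance.ShareName != 'IPC$'
'@

$sourceId = 'SmbNewConnection'   # hypothetical name for this subscription

Register-CimIndicationEvent -Namespace 'root\cimv2' -Query $query -SourceIdentifier $sourceId

try {
    while ($true) {
        # Wake up every 5 seconds so Ctrl+C is handled promptly.
        $evt = Wait-Event -SourceIdentifier $sourceId -Timeout 5
        if (-not $evt) { continue }

        # TargetInstance is the Win32_ServerConnection that was just created.
        $conn = $evt.SourceEventArgs.NewEvent.TargetInstance

        [pscustomobject]@{
            Time         = $evt.TimeGenerated
            Client       = $conn.ComputerName
            User         = $conn.UserName
            Share        = $conn.ShareName
            ConnectionID = $conn.ConnectionID
        } | Format-List | Out-Host

        # Remove the handled event so the session's event queue does not grow.
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}
finally {
    # Always drop the WMI subscription when the loop is interrupted.
    Unregister-Event -SourceIdentifier $sourceId
}
```

Because `WITHIN 1` makes WMI poll once per second, a connection that is opened and closed between two polls is not reported by this query.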
