SCOM – Create monitor with a custom runas account

From time to time I create monitors that need to run with specific credentials, also known as a RunAs account. By default, SCOM performs all of its actions using the System Account, which is good enough for most tasks, but when you want to monitor a network share or perform SQL connections – you will have to use a custom RunAs account.

To achieve this, you will have to:

  1. Create the monitor using the Console, or however you prefer, and store it in an unsealed management pack.
  2. Using the console, create a RunAs Account with appropriate rights. Choose whether to distribute the RunAs Account to all agents or only to specific agents, which is more secure.
  3. Using the console, create a RunAs Profile – make sure you store it in the same MP as before and associate it with the RunAs Account from the previous step.

 

Now comes the tricky part.

To associate the monitor with the RunAs Profile, you will have to manually edit the management pack’s XML file.

  1. Using PowerShell, identify the RunAs Profile’s name
    (Get-SCOMRunAsProfile -DisplayName "<RunAs_Profile_Display_Name>").Name
  2. Using PowerShell, identify the name of the monitor
    (Get-SCOMMonitor -DisplayName "<Monitor_Display_Name>").Name
  3. Export the management pack and edit it (I use Notepad++ which is great for this task)
  4. Find the configuration section of the monitor
  5. Add the RunAs Profile to the config
  6. Save the XML file and re-import the management pack
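
One way to script steps 4 and 5, as an added example that is not from the original post: it assumes the profile is attached through the `RunAs` attribute of the monitor's `UnitMonitor` element and that the profile appears as a `SecureReference` in the same management pack. The function name `Set-MonitorRunAs` and every ID in the sample XML are constructed for illustration.

```powershell
# Added example, not from the original post. All IDs below are constructed.
function Set-MonitorRunAs {
    param(
        [Parameter(Mandatory)][xml]$ManagementPack,
        [Parameter(Mandatory)][string]$MonitorName,  # (Get-SCOMMonitor ...).Name
        [Parameter(Mandatory)][string]$ProfileName   # (Get-SCOMRunAsProfile ...).Name
    )
    # The profile must be defined in this same management pack.
    $secRef = $ManagementPack.SelectSingleNode(
        "//SecureReferences/SecureReference[@ID='$ProfileName']")
    if (-not $secRef) { throw "RunAs Profile '$ProfileName' not found in this MP." }

    $monitor = $ManagementPack.SelectSingleNode(
        "//Monitors/UnitMonitor[@ID='$MonitorName']")
    if (-not $monitor) { throw "Monitor '$MonitorName' not found in this MP." }

    # Do not silently replace an existing association with another profile.
    $current = $monitor.GetAttribute('RunAs')
    if ($current -and $current -ne $ProfileName) {
        Write-Warning "Replacing existing RunAs '$current' on '$MonitorName'."
    }
    $monitor.SetAttribute('RunAs', $ProfileName)
    return $ManagementPack
}

# Constructed, trimmed-down management pack used as sample input.
$sample = @'
<ManagementPack>
  <TypeDefinitions>
    <SecureReferences>
      <SecureReference ID="Sample.Share.RunAsProfile" Accessibility="Public"
                       Context="System!System.Entity" />
    </SecureReferences>
  </TypeDefinitions>
  <Monitoring>
    <Monitors>
      <UnitMonitor ID="Sample.Share.Monitor" Accessibility="Public" Enabled="true"
                   Target="Windows!Microsoft.Windows.Computer" />
    </Monitors>
  </Monitoring>
</ManagementPack>
'@

$result = Set-MonitorRunAs -ManagementPack $sample `
    -MonitorName 'Sample.Share.Monitor' -ProfileName 'Sample.Share.RunAsProfile'
$result.SelectSingleNode('//UnitMonitor').OuterXml
# For a real export, load it with [xml](Get-Content <path> -Raw) and call .Save(<path>).
```

Failing when the profile is missing from the file catches the case where the RunAs Profile was saved to a different management pack than the monitor.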

 

That’s it 🙂

 
