Active Directory audit
Hi,
We have SCOM 2012 installed but not configured. Can SCOM meet the following requirements or should we turn to 3rd party software?
-Domain changes
-Changes to Group Policy Objects (GPO)
-Schema changes
-Administration rights change
-User management activities - creation, modification or deletion of AD accounts
-User logon activities
-Security and distribution groups
-Membership changes
-Password changes
-Enabled / disabled users
-Account lockouts
Thanks
August 12th, 2012 8:53am
Hi
It depends on the scope of your project. SCOM is not an AD compliance tool - it is a performance and availability monitoring tool and although it can be used to alert and report on Windows security logs, it doesn't scale and won't retain data for sufficient periods of time to meet compliance regulations. If you do try to use SCOM for compliance then do some scalability testing in a test environment first.
For Alerting, SCOM can alert on entries in the Windows security log. So for all of the options you mention, look up the relevant Windows event ID and create a rule in SCOM. Kevin Holman runs through it here:
http://blogs.technet.com/b/kevinholman/archive/2010/04/12/using-opsmgr-for-intrusion-detection-and-security-hardening.aspx
For Reporting, Audit Collection Services -
http://technet.microsoft.com/en-us/library/hh212908.aspx
3rd party options. Secure Vantage have done security management packs and also an archiving tool for Audit Collection Services but these only work on SCOM 2007 R2 ... there is no sign of any updates from them for SCOM 2012.
Cheers
Graham
August 12th, 2012 9:14am
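As an added example (not part of the thread and not SCOM's own code), this PowerShell sketch shows the "look up the relevant Windows event ID" step from the reply above: it maps the audit categories in the question to Security-log event IDs and summarises matching events per category. The event IDs are the Windows Server 2008 and later numbering and do not come from the thread; the names `$AuditMap` and `Get-AuditSummary` and the sample records are constructed for illustration.

```powershell
# Audit categories from the question mapped to Security-log event IDs
# (Windows Server 2008+ numbering; assumption, not taken from the thread).
$AuditMap = [ordered]@{
    'User created/modified/deleted'         = 4720, 4738, 4726
    'User enabled/disabled'                 = 4722, 4725
    'Password change/reset'                 = 4723, 4724
    'Account lockout'                       = 4740
    'Logon success/failure'                 = 4624, 4625
    'Security group membership'             = 4728, 4729, 4732, 4733, 4756, 4757
    'Distribution group membership'         = 4751, 4752, 4746, 4747, 4761, 4762
    'Domain policy change'                  = 4739
    # 5136/5137/5141 cover GPO and schema objects only when Directory Service
    # Changes auditing and the matching SACLs are configured.
    'Directory object change (GPO, schema)' = 5136, 5137, 5141
}

# Invert the map so each event ID resolves to its category.
$IdToCategory = @{}
foreach ($category in $AuditMap.Keys) {
    foreach ($id in $AuditMap[$category]) { $IdToCategory[[int]$id] = $category }
}

function Get-AuditSummary {
    # Hypothetical helper: accepts any objects exposing Id and TimeCreated,
    # such as the records returned by Get-WinEvent.
    param([Parameter(Mandatory = $true)] [object[]] $Events)
    $Events |
        Where-Object { $IdToCategory.ContainsKey([int]$_.Id) } |
        Group-Object { $IdToCategory[[int]$_.Id] } |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Category'; e = { $_.Name } }, Count,
            @{ n = 'Latest'; e = { @($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } }
}

# Constructed sample records (not real log data); 1102 is unmapped and is skipped.
$sample = @(
    [pscustomobject]@{ Id = 4740; TimeCreated = [datetime]'2012-08-12 08:01' }
    [pscustomobject]@{ Id = 4728; TimeCreated = [datetime]'2012-08-12 08:05' }
    [pscustomobject]@{ Id = 4756; TimeCreated = [datetime]'2012-08-12 08:20' }
    [pscustomobject]@{ Id = 5136; TimeCreated = [datetime]'2012-08-12 08:30' }
    [pscustomobject]@{ Id = 1102; TimeCreated = [datetime]'2012-08-12 08:31' }
)
Get-AuditSummary -Events $sample | Format-Table -AutoSize

# On a domain controller with auditing enabled, query one category at a time:
# $live = foreach ($ids in $AuditMap.Values) {
#     Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } -ErrorAction SilentlyContinue }
# Get-AuditSummary -Events $live
```

The same category-to-ID map is what you would feed into individual SCOM event rules, one rule per ID or per category.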
Thanks for the quick reply!
August 12th, 2012 10:46am