Hi there, ive been using the following script (see below.) to alert me if any Automatic service stops and it does seem to be working but i only seem to get an alert when i make a change to an override not when i manually stop a service which leads me to worry that i might not get an alert in an actual failure. I got this script from the following website - http://czwieg.wordpress.com/2011/02/25/monitoring-all-automatic-start-windows-services-in-scom-2007-r2/. Should i change the script for the following? http://social.technet.microsoft.com/Forums/en-US/operationsmanagerauthoring/thread/dbb175c4-8ec0-4427-9d10-9382044144e7 Any info on this would be great. thanks Will ' Monitor if any automatic service is not running ' Excluded: Performance Logs and Alerts service is auto but never running ' Create a two state timed generic script unit monitor ' HEALTH EXPRESSIONS ' Healthy Property[@Name='State'] Contains GOOD ' Unhealthy Property[@Name='State'] Contains BAD ' ALERT DESCRIPTION ' $Data/Context/Property[@Name='Description']$ Set oAPI = CreateObject("MOM.ScriptAPI") Set oShell = CreateObject( "WScript.Shell" ) Set arArgs = WScript.Arguments.Named Set oBag = oAPI.CreatePropertyBag() dim StateRegPath : StateRegPath = "HKLM\" & oAPI.GetScriptStateKeyPath("ServicesStopped") On Error Resume Next GetState = oShell.RegRead(StateRegPath & "\ServicesList") on error Goto 0 allGood = TRUE RepeatDown = FALSE sExcludeList = arArgs.Item("Exclude") Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 'Get System Uptime, if recently rebotted, do not continue Set colOperatingSystems = oWMI.ExecQuery("Select * From Win32_PerfFormattedData_PerfOS_System") For Each objOS in colOperatingSystems intSystemUptime = Int(objOS.SystemUpTime) Next If (intSystemUptime > 900) Then Set allSvc = oWMI.ExecQuery("Select * from Win32_Service Where StartMode = 'Auto'") For Each oSvc in allSvc If (oSvc.Started = FALSE and instr(1,sExcludeList,"'" & oSvc.DisplayName & "'") < 1) Then sList = sList & oSvc.DisplayName & ", " allGood = FALSE if instr(1,GetState,oSvc.DisplayName) > 0 then RepeatDown = TRUE End If Next If allGood = TRUE then Call oBag.AddValue("State", "GOOD") call oShell.RegWrite (StateRegPath & "\ServicesList", "", "REG_SZ") Else if RepeatDown = TRUE then Call oBag.AddValue("State", "BAD") Call oBag.AddValue("Description", "Automatic service(s) not running: " & sList) end if call oShell.RegWrite (StateRegPath & "\ServicesList", sList, "REG_SZ") End if Else Call oBag.AddValue("State", "GOOD") End If Call oAPI.Return(oBag)

One sugestion would be not trying to just alert if an automatic service stops. They are not all that important and the can be set up to recover. For important services, set up unique and individual service monitors, just as a suggestion. This way you can control what you look for. I know some shops early on in learning to monitor in a cost effective way take the approach "if there is an event I want to see it and collect every counter too" - but this is wasteful effort since most things in logs are just not indicative of an issue. Similar for automatic services that are not running. As for your script, if it is firing an alert when you save an override, it sounds like it isn't running on a regular interval or is being unloaded because it errors out. Look in your operations manager event log after you save an override or bounce the agent - see if you're getting errors running your script.Microsoft Corporation

I agree with Dan here. It is best to monitor only the important services. The microsoft management packs already pick up a lot. And you might want to expand to the antivirus and backup agent services. And a number of others. But I would not go for any-and-all services or events or performance counters. of course that is next to the part where most environments cant even keep up with the stuff that comes out of normal monitoring operations :-) Also a lot of automatic services auto-close or have delayed startups or both. And there are interesting services with a manual state as well. Anyway, think twice before trying to monitor all services.Bob Cornelissen - BICTT (My BICTT Blog)