Monitor for DNS configuration change on an endpoint?

Is anyone monitoring for changes to an endpoint's DNS configuration? We have experienced issues where Windows Admins have misconfigured the DNS settings for my SCOM Gateways, resulting in the agents reporting to the GW throwing heartbeat failures. Unfortunately, we cannot lock them out, as they are the actual Windows Admins for their "agency" environment. I'd prefer to monitor for these changes in SCOM, but we also have SCCM (DCM) and we're considering using PowerShell DSC to enforce the configs.

Any suggestions?

I would solve your problem in this way.

1. Create a PowerShell script which can retrieve the network adapter configuration - a starter:

$nics = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()

$nics | ForEach-Object {

    $props = $_.GetIPProperties()
    $winsServers = $props.WinsServersAddresses
    $dnsServers = $props.DnsAddresses

    # Both properties are address collections, not strings, so test the count
    # (the original IsNullOrWhiteSpace checks never detected an empty collection)
    # and show '-' when nothing is configured
    if ($null -eq $winsServers -or $winsServers.Count -eq 0) {
        $winsServers = @('-')
    }
    if ($null -eq $dnsServers -or $dnsServers.Count -eq 0) {
        $dnsServers = @('-')
    }

    # Straight quotes and backtick-n line breaks; the original used curly quotes and was missing the backticks
    Write-Host "Name $($_.Name)`n Description $($_.Description)`n WinsServer: $($winsServers)`n DNSServer $($dnsServers)"

}


2. Add a table where you define the GW names and their 'should-be' settings. The script then compares the current settings with the should-be settings and creates either 'good' or 'bad'.

3. Use Squared Up's free PowerShell MP (https://squaredup.com/landing-pages/free-powershell-management-pack/) and add the script into it. Target the management server so that it runs the script.

Let me know whether I expressed myself clearly or if you need support for any part of the solution approach.

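A worked version of steps 1 and 2 above, added here as an example and not the poster's own script: it compares each active adapter's IPv4 DNS servers against a should-be table keyed by gateway hostname and emits a Good/Bad state per adapter. The hostnames and addresses in the table are constructed sample values, the function name Test-DnsConfiguration is my own, and the plain-line output would still need to be mapped to the PowerShell MP's own output conventions, which are not shown here.

```powershell
# Should-be table: gateway hostname -> ordered list of expected DNS servers (constructed sample values)
$expected = @{
    'SCOMGW01' = @('10.0.0.10', '10.0.0.11')
    'SCOMGW02' = @('10.0.1.10', '10.0.1.11')
}

function Test-DnsConfiguration {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [hashtable]$Expected = $expected
    )

    # A host missing from the table is reported as Unknown rather than silently Good
    if (-not $Expected.ContainsKey($ComputerName)) {
        return [pscustomobject]@{ Computer = $ComputerName; Adapter = '-'; State = 'Unknown'; Detail = 'no should-be entry' }
    }
    $should = $Expected[$ComputerName]

    $results = foreach ($nic in [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()) {
        # Skip loopback and adapters that are not up; everything else must match the table
        if ($nic.OperationalStatus -ne 'Up' -or $nic.NetworkInterfaceType -eq 'Loopback') { continue }

        $actual = @($nic.GetIPProperties().DnsAddresses |
                    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                    ForEach-Object { $_.IPAddressToString })

        # Primary/secondary order matters for DNS, so compare position by position (SyncWindow 0);
        # an adapter with no DNS servers at all also comes out as Bad
        $diff = Compare-Object -ReferenceObject $should -DifferenceObject $actual -SyncWindow 0

        [pscustomobject]@{
            Computer = $ComputerName
            Adapter  = $nic.Name
            State    = if ($diff) { 'Bad' } else { 'Good' }
            Detail   = "expected=$($should -join ',') actual=$($actual -join ',')"
        }
    }
    return $results
}

# One line per adapter; a monitor can alert on any line whose State is not Good
Test-DnsConfiguration | ForEach-Object { "$($_.Computer) $($_.Adapter) $($_.State) $($_.Detail)" }
```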