Is anyone monitoring for changes to an endpoint's DNS configuration? We have experienced issues where Windows Admins have misconfigured the DNS settings for my SCOM Gateways, resulting in the agents reporting to the GW throwing heartbeat failures. Unfortunately, we cannot lock them out, as they are the actual Windows Admins for their “agency” environment. I’d prefer to monitor for these changes in SCOM, but we also have SCCM (DCM) and we’re considering using PowerShell DSC to enforce the configs.
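# Use '-' as a placeholder when no WINS servers are configured
if ([string]::IsNullOrWhiteSpace($winsServers) -or [string]::IsNullOrEmpty($winsServers)) {
    $winsServers = @('-')
}
# Same placeholder when no DNS servers are configured
if ([string]::IsNullOrWhiteSpace($dnsServers) -or [string]::IsNullOrEmpty($dnsServers)) {
    $dnsServers = @('-')
}
# Print the name, description and WINS/DNS servers on separate lines
Write-Host "Name $($_.Name) `n Description $($_.Description) `n WinsServer: $($winsServers)`n DNSServer $($dnsServers)"
}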
Add a table where you define the GW names and their ‘should-be’ settings. The script then compares the current with should and creates either ‘good’ or ‘bad’.
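One way to build the should-be comparison described in the reply above, as an added example that is not part of the original thread. The gateway names, the addresses (documentation ranges) and the function name `Test-DnsServerSetting` are constructed for illustration.

```powershell
# Should-be table: gateway name -> expected DNS servers, in order.
# Names and addresses are constructed placeholders.
$shouldBe = @{
    'GW01' = @('192.0.2.10', '192.0.2.11')
    'GW02' = @('192.0.2.20', '192.0.2.21')
}

# Hypothetical helper: compares current DNS servers with the table entry.
function Test-DnsServerSetting {
    param(
        [Parameter(Mandatory)] [string]    $ComputerName,
        [Parameter(Mandatory)] [hashtable] $Expected,
        [AllowEmptyCollection()] [string[]] $Current = @()
    )
    $want = @()
    if (-not $Expected.ContainsKey($ComputerName)) {
        # A gateway missing from the table is reported, not silently passed.
        $state  = 'bad'
        $reason = 'no should-be entry for this host'
    }
    else {
        $want = @($Expected[$ComputerName])
        # Order matters: the first entry is the preferred resolver.
        if (($Current -join ',') -eq ($want -join ',')) {
            $state  = 'good'
            $reason = 'matches should-be'
        }
        else {
            $state  = 'bad'
            $reason = 'DNS servers differ from should-be'
        }
    }
    [pscustomobject]@{
        ComputerName = $ComputerName
        State        = $state
        Reason       = $reason
        Current      = $Current -join ', '
        ShouldBe     = $want -join ', '
    }
}

# Constructed input: GW01 with its secondary server changed.
Test-DnsServerSetting -ComputerName 'GW01' -Expected $shouldBe -Current @('192.0.2.10', '198.51.100.53')

# Live check on the gateway itself (DnsClient module, Server 2012 or later):
# $live = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique)
# Test-DnsServerSetting -ComputerName $env:COMPUTERNAME -Expected $shouldBe -Current $live
```

The `State` value can then drive whichever tool raises the alert, for example a SCOM script monitor or an SCCM compliance rule.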