SCOM: Target a rule or monitor to a computer group

Today I had to explain to a customer how you need to target a rule or monitor to a specific computer group.

This is actually not a very intuitive process and if you are used to work with MOM2005 the process is different and can have big implications in the behavior of the rule / monitor you’ve created.

This is the only correct way if you want to target a rule or monitor to a select group of server.

Create your rule:

Open your console and go to the tab Authoring and navigate to the Rules. Right Click > Create a new rule…


In the “Create Rule Wizard” select the desired rule. In this example I’m going to create an Event Based rule in the NT Event Log (Alert).

CAUTION: make sure to change the destination management pack to a custom management pack and NOT the default management pack.


Give the rule name and click the “Select” button just behind Rule Target:


Here you need to target a class of which you are certain all the servers you want to target are part of. In this case I choose “Windows Server” but if you are for example convinced they are all SQL server you can target the “SQL server” class.


If you have selected the appropriate class hit ok but not next on the page.

Make sure the “Rule is enabled” tick box is off!


Now choose the event log where to target your rule. In our case it’s the Application log


The filter. In this example I’m searching for an Event ID 150 created by the source “Eventcreate”


Next thing is to specify the information that will be generated by the alert:


Now click create.

Create your Group

So far the rule has been created but is disabled. The next thing we need to do is create our group which contains the specific set of servers which need to be targeted. In the Authoring pane choose “Groups” > Right click > choose “Create a new Group…”


Choose a name for the group and again CHANGE the default management pack as a target.

NOTE: Choose the same management pack where you want to create your override in later on. It’s not possible to reference another unsealed group from a unsealed group so either use the same group for both your override and group or seal the management pack where your group is created in.


The next option is to specify the explicit group members.

There are actually 2 approaches to populating the group (which can be combined).

The first one is that you specify the explicit members of the group. They will be always in the group included no matter what criteria you specify later on. The disadvantage you have is if you install a new server which need to be targeted you have to manually include it here.


The second approach to populate your group is Dynamic Inclusion rules. These rules have a set of conditions to add servers. These can be for example all servers which are SQL servers based on the class or all servers which name starts with “SERVER0”.


You can also specify servers to be included in this group which reside in another group.


Specifically deny Objects from being included in the group:


When you are confident you have included all the servers in the groups click create.

Create your override for the rule

At this point go back to the Authoring pane > Rules > search for your new created rule.

In this example you can see our newly created rule in disabled state:


Right click the rule and choose Overrides > Override the Rule > For a Group…


Now choose the group we created earlier on:


In the override parameter locate the “Enabled” parameter and tick the box in the “Override” column. In the Override Value choose “True” , click Apply and OK.


At this point the rule we have created is targeted only to the servers you’ve added to the computer group and not enabled on all the other servers. This is in face a total different approach from the way of working in MOM2005.

This is because the computer groups (The class of objects that are computer groups) only exist on the RMS. If you target a rule directly to a computer group it will try to collect info from the RMS instead of the computers you have intended.

Enough talk, let’s build
Something together.