Computer Groups
When you import the Microsoft Forefront Server Security Management Pack for MOM 2005, it creates computer groups based on the systems being monitored. They are directly associated with the included rules, which are deployed on a computer group level to monitor agent systems.
The MOM agents that you deployed examine a server’s registry to see if Forefront Security for Exchange Server or Forefront Security for SharePoint is installed. If so, that server is added to the appropriate MOM computer group, based on the services found to be running when the attribute discovery task is run.
These are the computer groups created for Forefront Security for Exchange Server systems:
Forefront Security for Exchange Server - All Servers (every server running Forefront Security for Exchange is added into this group as well as into one of the others)
Forefront Security for Exchange Server - Hub Transport
Forefront Security for Exchange Server - Mailbox/Public Folders
Forefront Security for Exchange Server - Edge Transport
Forefront Security for Exchange Server - Hub Transport/Mailbox/Public Folders
This is the computer group created for Forefront Security for SharePoint systems:
- Forefront Security for SharePoint
Computer Attributes
There are several custom computer attributes within MOM. The Attribute Discovery task checks the registry value on an agent system to determine if Forefront Security for Exchange Server or Forefront Security for SharePoint is installed. If so, the attribute helps to determine the computer group that the agent system becomes a member of.
The computer attributes for Forefront Security for Exchange Server systems are:
Forefront for Exchange Registry Key
Forefront for Exchange 32bit Registry Key
Exchange Hub Transport Registry Key
Exchange Edge Transport Registry Key
Exchange Mailbox Registry Key
The computer attributes for Forefront Security for SharePoint systems are:
Forefront for SharePoint Registry Key
Forefront for SharePoint 32bit Registry Key
The following list shows the specifics of each of the Forefront Security for Exchange Server computer attributes.
Forefront for Exchange Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Microsoft\Forefront Server Security\Exchange Server\DatabasePath |
Function |
Detects 32-bit agent systems running Forefront Security for Exchange Server |
Forefront for Exchange 32 bit Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Wow6432Node\Microsoft\Forefront Server Security\ Exchange Server\DatabasePath |
Function |
Detects 64-bit systems running 32-bit Forefront Security for Exchange Server |
Exchange Hub Transport Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Microsoft\Exchange\v8.0\HubTransportRole |
Function |
Detects 64-bit agent systems with an Exchange hub transport server role |
Exchange Edge Transport Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Microsoft\Exchange\v8.0\EdgeTransportRole |
Function |
Detects 64-bit agent systems with an Exchange edge transport server role |
Exchange Mailbox Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Microsoft\Exchange\v8.0\MailboxRole |
Function |
Detects 64-bit agent systems with an Exchange mailbox server role |
The following list shows the specifics of each of the Forefront Security for SharePoint computer attributes.
Forefront for SharePoint Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Microsoft\Forefront Server Security\SharePoint\DatabasePath |
Function |
Detects 32-bit agent systems running Forefront Security for SharePoint |
Forefront for SharePoint 32 bit Registry Key
Attribute Type |
Registry Key |
Registry Path |
HKLM\Software\Wow6432Node\Microsoft\Forefront Server Security\ SharePoint\DatabasePath |
Function |
Detects 64-bit systems running 32-bit Forefront Security for SharePoint |
For more details on Attribute Discovery, see Establishing Group Membership.
Viewing the Computers in a Group
The following procedure shows the agent systems that are included in a computer group.
To find out which computers (agent systems) are included in a computer group
Right-click one of the groups (for example the Forefront for Exchange Server - Hub Transport group). A shortcut menu appears.
Select Properties from the shortcut menu.
Select the Included Computers tab.