Configure security settings for the entire management group.
This tab contains the following options:
- Mutual authentication required
- Mutual authentication requires the MOM Management Server and
the agent to authenticate each other using the Kerberos V5
protocol before they can communicate. This setting is applied to
the management group, and cannot be overridden on the Management
Server or agent. If you select this option, MOM SP1 agents cannot
authenticate with the Management Servers and the
Block MOM 2000 and MOM 2000 SP1 agents from connecting to
the Management Serversetting is automatically enabled. You
must have an Active Directory® trust relationship between the
Management Server domain and the agent domain.
Mutual authentication prevents a malicious attacker from posing as a Management Server or an agent, as well as communicating with, and performing actions on, the other computer. This setting is enabled by default if you are running Active Directory in your network.
Note
If you are upgrading to MOM 2005, this setting is disabled by default. If you are installing MOM 2005 for the first time, this setting is enabled by default.
- Block MOM 2000 and MOM 2000 SP1 agents from connecting to the Management Server
- If you select this option, only MOM 2005 agents can communicate with the Management Servers in this management group. This setting is applied to the management group, and cannot be overridden on the Management Server or agent. You can use this feature even if Mutual authentication is disabled. However, this feature is always enabled if Mutual Authentication is enabled. Blocking legacy agents helps to maintain a greater security level in your MOM environment.
Note
If you are upgrading to MOM 2005, this setting is disabled by default. If you are installing MOM 2005 for the first time, this setting is enabled by default.
- Disable execution of custom responses on Management Servers
- Custom responses are scripts that run on the Management Server in response to specific data gathered from one or more managed computers. This setting is applied to the management group, and cannot be overridden on the Management Server.
The following types of responses are affected by this setting:
- Script responses configured to be launched on the Management Server
- Notification responses when a command is specified
- Command/batch file responses configured to be executed from the Management Server
The following responses are not affected by this setting and will always be executed:
- Any response configured to be executed locally on the managed computer
- Notification responses that use e-mail or page notifications
- Update state variable responses
- SNMP trap responses
Did you find this information useful? Please send your suggestions and comments about the documentation to momdocs@microsoft.com.