This is a concept that I have seen several examples of, but I realize not everyone knows about this capability.
You can create a rule that targets a class hosted by an agent (such as Windows Server Operating System), but have a script response run on the Management Server to take action.
Here is a simple example:
<Rules>
  <Rule ID="Demo.ResponseOnMS.Rule" Enabled="true" Target="Windows!Microsoft.Windows.Server.OperatingSystem" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
    <Category>Maintenance</Category>
    <DataSources>
      <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
        <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
        <LogName>Application</LogName>
        <Expression>
          <And>
            <Expression>
              <SimpleExpression>
                <ValueExpression>
                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
                </ValueExpression>
                <Operator>Equal</Operator>
                <ValueExpression>
                  <Value Type="UnsignedInteger">100</Value>
                </ValueExpression>
              </SimpleExpression>
            </Expression>
            <Expression>
              <SimpleExpression>
                <ValueExpression>
                  <XPathQuery Type="String">PublisherName</XPathQuery>
                </ValueExpression>
                <Operator>Equal</Operator>
                <ValueExpression>
                  <Value Type="String">MM</Value>
                </ValueExpression>
              </SimpleExpression>
            </Expression>
          </And>
        </Expression>
      </DataSource>
    </DataSources>
    <WriteActions>
      <WriteAction ID="PSWA" TypeID="Windows!Microsoft.Windows.PowerShellWriteAction" Target="SC!Microsoft.SystemCenter.CollectionManagementServer">
        <ScriptName>Demo.ResponseOnMS.Rule.ps1</ScriptName>
        <ScriptBody>
# Add the SCOM API and Log event
$api = New-Object -comObject "MOM.ScriptAPI"
$api.LogScriptEvent("Demo.ResponseOnMS.Rule.ps1",2222,0,"This event is created by a script running on the MS")
        </ScriptBody>
        <TimeoutSeconds>30</TimeoutSeconds>
      </WriteAction>
    </WriteActions>
  </Rule>
</Rules>
This rule uses a simple event data source looking for event 100 with a source of “MM”.
It then responds with a Write Action, but the Write Action has a Target of the Management Server. This is the key part:
<WriteAction ID="PSWA" TypeID="Windows!Microsoft.Windows.PowerShellWriteAction" Target="SC!Microsoft.SystemCenter.CollectionManagementServer">
My example is very simple: it runs PowerShell on the Management Server, creating a single simple event in the OpsMgr log.
This design works in SCOM 2012 and later, where the response will execute on the Management Server that the agent is assigned to.
You can use this example to do things like query the OpsDB and generate a specific alert in response to an agent-side issue, or you can put the agent into Maintenance mode by passing the computer name as a parameter to the script write action.
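The maintenance mode variant described above, as an added example that is not part of the original post. Because the computer name comes from an agent-side event while the script runs on the Management Server, the script validates the value and resolves it through the OperationsManager cmdlets before acting. Assumptions: the write action ID, script name, event ID 2223, the 60-minute window and the use of `$Data/LoggingComputer$` as the source of the name are all illustrative.

```xml
<!-- Added example: a drop-in alternative to the PSWA write action in the rule above. -->
<WriteAction ID="MMWA" TypeID="Windows!Microsoft.Windows.PowerShellWriteAction" Target="SC!Microsoft.SystemCenter.CollectionManagementServer">
  <ScriptName>Demo.ResponseOnMS.MaintMode.ps1</ScriptName>
  <ScriptBody><![CDATA[
param([string]$ComputerName)

$api = New-Object -comObject "MOM.ScriptAPI"
$script = "Demo.ResponseOnMS.MaintMode.ps1"   # hypothetical script name

# The value originates from an event on the agent, so treat it as untrusted:
# accept only a plain DNS host name and stop otherwise.
if ($ComputerName -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$') {
  $api.LogScriptEvent($script,2223,2,"Rejected computer name parameter")
  exit
}

Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName localhost

# Match on the object property; never build a query string from the value.
$class = Get-SCOMClass -Name "Microsoft.Windows.Computer"
$instance = Get-SCOMClassInstance -Class $class |
  Where-Object { $_.DisplayName -eq $ComputerName }

if (@($instance).Count -ne 1) {
  $api.LogScriptEvent($script,2223,2,"Expected exactly one computer object for the supplied name")
  exit
}

# Fixed duration (constructed value): the agent cannot choose the window length.
Start-SCOMMaintenanceMode -Instance $instance -EndTime (Get-Date).AddMinutes(60) -Reason PlannedOther -Comment "Set by $script"
$api.LogScriptEvent($script,2222,0,"Maintenance mode started for $ComputerName")
  ]]></ScriptBody>
  <Parameters>
    <Parameter>
      <Name>ComputerName</Name>
      <!-- Assumption: the logging computer of the triggering event identifies the agent. -->
      <Value>$Data/LoggingComputer$</Value>
    </Parameter>
  </Parameters>
  <TimeoutSeconds>120</TimeoutSeconds>
</WriteAction>
```

Anyone able to write event 100 with source “MM” to the Application log on an agent can trigger this workflow, so the script keeps the duration and reason fixed and takes only the validated name from the agent side.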
You can also do similar things with tasks:
<Task ID="Your.Task" Accessibility="Public" Enabled="true" Target="SC!Microsoft.SystemCenter.Agent" Timeout="180" Remotable="true" RunLocation="SC!Microsoft.SystemCenter.CollectionManagementServer">