Good session in general, though it disappoints me to no end that an MS MVP was pushing 2 3rd party tools to do security event collection with Microsoft Operations Manager. If MS was truly security minded, security event collection wouldn’t require individual admins to write regexs to identify and decode cryptic event details, there would be a team in Redmond that writes, tests and publishes everything you need to monitor security.

The 2 tools are MP Studio from Silect and Secure Vantage‘s Control Management Pack.

Of course, any evaluation of MOM requires that we be using it first, not something we’re doing now.

I’m sitting through an Exchange 2003 Clustering session now, not that I think Housing will ever need it, but there isn’t much else during this timeslot that I can imagine being needed.