this is cool enough to blog about (which translates to "do not want to forget this later"). in a previous post a long while back, i wrote up a short summary of how to set up an alert rule to receive all notifications for a specified computer group. let's take that one step further, shall we?
why do this? imagine this scenario. you're a domain administrator. you decided to set up the alert rule specified above and tied it to your domain controllers computer group. now you're receiving all the alerts for your domain controllers, just like you wanted. and just like real life ... everything is going along happily until one day someone asks you to do something for them. this time, they want a notification for security group changes. not a problem! you use a helpful little blog post like this to accomplish something pretty close to it. (by the way, if you are doing this, just use parameter 3 for the group name.)
oh, to your chagrin, your inbox fills up with monitoring alerts that you don't really care to see. since you've got the master alert rule bound to your domain controllers, though, there doesn't seem to be a way out.
or is there? here's how i resolved it. i made two small modifications to both rules:
on the security event notification rule:
- switch to the alert tab.
- click the "custom fields..." button.
- specify a value for customfield1.
on the master alert rule:
- switch to the alert criteria tab.
- click the "advanced..." button.
- choose field "custom field 1", set condition to "not equals" and set the value to match what you specified for customfield1 on the security event notification rule.
with that set, now you will stop receiving all those nagging notifications about other people's group changes. hope that helps!