locked
Monitoring Windows log on log off for SCOM 2012 RRS feed

  • General discussion

  • I have create Windows log on log off monitoring for xp computers if you need it create file

    Windows.Logon.Mp.xml and paste code

    <?xml version="1.0" encoding="utf-8"?><ManagementPack ContentReadable="true" SchemaVersion="2.0" OriginalSchemaVersion="1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <Manifest>
        <Identity>
          <ID>Windows.Logon.Mp</ID>
          <Version>1.0.0.1</Version>
        </Identity>
        <Name>Windows Logon Mp</Name>
        <References>
          <Reference Alias="MicrosoftWindowsLibrary6172210">
            <ID>Microsoft.Windows.Library</ID>
            <Version>7.5.8501.0</Version>
            <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
          </Reference>
          <Reference Alias="SystemLibrary6172210">
            <ID>System.Library</ID>
            <Version>7.5.8501.0</Version>
            <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
          </Reference>
          <Reference Alias="SystemCenter">
            <ID>Microsoft.SystemCenter.Library</ID>
            <Version>7.0.8427.0</Version>
            <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
          </Reference>
          <Reference Alias="Health">
            <ID>System.Health.Library</ID>
            <Version>7.0.8427.0</Version>
            <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
          </Reference>
        </References>
      </Manifest>
      <Monitoring>
        <Rules>
          <Rule ID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01" Enabled="false" Target="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
            <Category>Custom</Category>
            <DataSources>
              <DataSource ID="DS" TypeID="MicrosoftWindowsLibrary6172210!Microsoft.Windows.EventProvider">
                <ComputerName>$Target/Property[Type="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
                <LogName>Security</LogName>
                <Expression>
                  <And>
                    <Expression>
                      <SimpleExpression>
                        <ValueExpression>
                          <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
                        </ValueExpression>
                        <Operator>Equal</Operator>
                        <ValueExpression>
                          <Value Type="UnsignedInteger">528</Value>
                        </ValueExpression>
                      </SimpleExpression>
                    </Expression>
                    <Expression>
                      <SimpleExpression>
                        <ValueExpression>
                          <XPathQuery Type="String">Params/Param[1]</XPathQuery>
                        </ValueExpression>
                        <Operator>NotEqual</Operator>
                        <ValueExpression>
                          <Value Type="String">sc-OpsMgrAction</Value>
                        </ValueExpression>
                      </SimpleExpression>
                    </Expression>
                    <Expression>
                      <SimpleExpression>
                        <ValueExpression>
                          <XPathQuery Type="String">Params/Param[1]</XPathQuery>
                        </ValueExpression>
                        <Operator>NotEqual</Operator>
                        <ValueExpression>
                          <Value Type="String">NETWORK SERVICE</Value>
                        </ValueExpression>
                      </SimpleExpression>
                    </Expression>
                    <Expression>
                      <RegExExpression>
                        <ValueExpression>
                          <XPathQuery Type="String">Params/Param[2]</XPathQuery>
                        </ValueExpression>
                        <Operator>ContainsSubstring</Operator>
                        <Pattern>BOG0</Pattern>
                      </RegExExpression>
                    </Expression>
                  </And>
                </Expression>
              </DataSource>
            </DataSources>
            <WriteActions>
              <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
                <Priority>1</Priority>
                <Severity>0</Severity>
                <AlertOwner />
                <AlertMessageId>$MPElement[Name="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01.AlertMessage"]$</AlertMessageId>
                <AlertParameters>
                  <AlertParameter1>$Data/EventDescription$</AlertParameter1>
                </AlertParameters>
                <Suppression />
                <Custom1>$Data/EventDescription$</Custom1>
                <Custom2>$Data/Params/Param[1]$</Custom2>
                <Custom3>$Data/Params/Param[4]$</Custom3>
                <Custom4>$Data/Params/Param[2]$</Custom4>
                <Custom5 />
                <Custom6 />
                <Custom7 />
                <Custom8 />
                <Custom9 />
                <Custom10 />
              </WriteAction>
            </WriteActions>
          </Rule>
          <Rule ID="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5" Enabled="false" Target="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
            <Category>Custom</Category>
            <DataSources>
              <DataSource ID="DS" TypeID="MicrosoftWindowsLibrary6172210!Microsoft.Windows.EventProvider">
                <ComputerName>$Target/Property[Type="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
                <LogName>Security</LogName>
                <Expression>
                  <And>
                    <Expression>
                      <SimpleExpression>
                        <ValueExpression>
                          <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
                        </ValueExpression>
                        <Operator>Equal</Operator>
                        <ValueExpression>
                          <Value Type="UnsignedInteger">538</Value>
                        </ValueExpression>
                      </SimpleExpression>
                    </Expression>
                    <Expression>
                      <SimpleExpression>
                        <ValueExpression>
                          <XPathQuery Type="String">Params/Param[1]</XPathQuery>
                        </ValueExpression>
                        <Operator>NotEqual</Operator>
                        <ValueExpression>
                          <Value Type="String">sc-OpsMgrAction</Value>
                        </ValueExpression>
                      </SimpleExpression>
                    </Expression>
                    <Expression>
                      <SimpleExpression>
                        <ValueExpression>
                          <XPathQuery Type="String">Params/Param[1]</XPathQuery>
                        </ValueExpression>
                        <Operator>NotEqual</Operator>
                        <ValueExpression>
                          <Value Type="String">NETWORK SERVICE</Value>
                        </ValueExpression>
                      </SimpleExpression>
                    </Expression>
                  </And>
                </Expression>
              </DataSource>
            </DataSources>
            <WriteActions>
              <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
                <Priority>1</Priority>
                <Severity>0</Severity>
                <AlertOwner />
                <AlertMessageId>$MPElement[Name="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5.AlertMessage"]$</AlertMessageId>
                <AlertParameters>
                  <AlertParameter1>$Data/EventDescription$</AlertParameter1>
                </AlertParameters>
                <Suppression />
                <Custom1 />
                <Custom2>$Data/Params/Param[1]$</Custom2>
                <Custom3>$Data/Params/Param[2]$</Custom3>
                <Custom4>$Data/Params/Param[3]$</Custom4>
                <Custom5 />
                <Custom6 />
                <Custom7 />
                <Custom8 />
                <Custom9 />
                <Custom10 />
              </WriteAction>
            </WriteActions>
          </Rule>
        </Rules>
        <Overrides>
          <RulePropertyOverride ID="OverrideForRuleMomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01ForContextMicrosoftWindowsComputer4565382d1968460dbdc080901040579b" Context="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer" ContextInstance="2e385de6-2423-48ec-a670-35a056bf9083" Enforced="false" Rule="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01" Property="Enabled">
            <Value>true</Value>
          </RulePropertyOverride>
          <RulePropertyOverride ID="OverrideForRuleMomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01ForContextMicrosoftWindowsComputer2dac0ea63c0e47d6a0bbb0208c0be67e" Context="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer" ContextInstance="6d2ce8ec-696c-ef5b-e92d-5bc36758b251" Enforced="false" Rule="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01" Property="Enabled">
            <Value>true</Value>
          </RulePropertyOverride>
        </Overrides>
      </Monitoring>
      <Presentation>
        <Views>
          <View ID="View_0879553b11694b388beaf641ea3900f5" Accessibility="Public" Enabled="true" Target="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer" TypeID="SystemCenter!Microsoft.SystemCenter.AlertViewType" Visible="true">
            <Category>Operations</Category>
            <Criteria>
              <Name>Logon Detection</Name>
            </Criteria>
            <Presentation>
              <ColumnInfo Index="0" SortIndex="0" Width="22" Grouped="true" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Severity</Name>
                <Id>Severity</Id>
              </ColumnInfo>
              <ColumnInfo Index="1" SortIndex="-1" Width="54" Grouped="false" Sorted="false" IsSortable="false" Visible="true" SortOrder="Ascending">
                <Name>Icon</Name>
                <Id>Icon</Id>
              </ColumnInfo>
              <ColumnInfo Index="2" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Path</Name>
                <Id>MonitoringObjectPath</Id>
              </ColumnInfo>
              <ColumnInfo Index="3" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Source</Name>
                <Id>MonitoringObjectDisplayName</Id>
              </ColumnInfo>
              <ColumnInfo Index="4" SortIndex="-1" Width="22" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Maintenance Mode</Name>
                <Id>MonitoringObjectInMaintenanceMode</Id>
              </ColumnInfo>
              <ColumnInfo Index="5" SortIndex="-1" Width="250" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Name</Name>
                <Id>Name</Id>
              </ColumnInfo>
              <ColumnInfo Index="6" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Resolution State</Name>
                <Id>ResolutionState</Id>
              </ColumnInfo>
              <ColumnInfo Index="7" SortIndex="-1" Width="150" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Created</Name>
                <Id>TimeRaised</Id>
              </ColumnInfo>
              <ColumnInfo Index="8" SortIndex="1" Width="100" Grouped="false" Sorted="true" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Age</Name>
                <Id>Age</Id>
              </ColumnInfo>
              <ColumnInfo Index="9" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Type</Name>
                <Id>Category</Id>
              </ColumnInfo>
              <ColumnInfo Index="10" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Owner</Name>
                <Id>Owner</Id>
              </ColumnInfo>
              <ColumnInfo Index="11" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Priority</Name>
                <Id>Priority</Id>
              </ColumnInfo>
              <ColumnInfo Index="12" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Latency</Name>
                <Id>Latency</Id>
              </ColumnInfo>
              <ColumnInfo Index="13" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Description</Name>
                <Id>Description</Id>
              </ColumnInfo>
              <ColumnInfo Index="14" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Connector</Name>
                <Id>ConnectorId</Id>
              </ColumnInfo>
              <ColumnInfo Index="15" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Forwarding Status</Name>
                <Id>ConnectorStatus</Id>
              </ColumnInfo>
              <ColumnInfo Index="16" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Class</Name>
                <Id>Class</Id>
              </ColumnInfo>
              <ColumnInfo Index="17" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Time in State</Name>
                <Id>TimeInState</Id>
              </ColumnInfo>
              <ColumnInfo Index="18" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 1</Name>
                <Id>CustomField1</Id>
              </ColumnInfo>
              <ColumnInfo Index="19" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 2</Name>
                <Id>CustomField2</Id>
              </ColumnInfo>
              <ColumnInfo Index="20" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 3</Name>
                <Id>CustomField3</Id>
              </ColumnInfo>
              <ColumnInfo Index="21" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 4</Name>
                <Id>CustomField4</Id>
              </ColumnInfo>
              <ColumnInfo Index="22" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 5</Name>
                <Id>CustomField5</Id>
              </ColumnInfo>
              <ColumnInfo Index="23" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 6</Name>
                <Id>CustomField6</Id>
              </ColumnInfo>
              <ColumnInfo Index="24" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 7</Name>
                <Id>CustomField7</Id>
              </ColumnInfo>
              <ColumnInfo Index="25" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 8</Name>
                <Id>CustomField8</Id>
              </ColumnInfo>
              <ColumnInfo Index="26" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 9</Name>
                <Id>CustomField9</Id>
              </ColumnInfo>
              <ColumnInfo Index="27" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 10</Name>
                <Id>CustomField10</Id>
              </ColumnInfo>
              <ColumnInfo Index="28" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Resolved By</Name>
                <Id>ResolvedBy</Id>
              </ColumnInfo>
              <ColumnInfo Index="29" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Time Resolved</Name>
                <Id>TimeResolved</Id>
              </ColumnInfo>
              <ColumnInfo Index="30" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Last State Change</Name>
                <Id>TimeResolutionStateLastModified</Id>
              </ColumnInfo>
              <ColumnInfo Index="31" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Last Modified</Name>
                <Id>LastModified</Id>
              </ColumnInfo>
              <ColumnInfo Index="32" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Last Modified By</Name>
                <Id>LastModifiedBy</Id>
              </ColumnInfo>
              <ColumnInfo Index="33" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Management Group</Name>
                <Id>ManagementGroup</Id>
              </ColumnInfo>
              <ColumnInfo Index="34" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Site</Name>
                <Id>SiteName</Id>
              </ColumnInfo>
              <ColumnInfo Index="35" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Repeat Count</Name>
                <Id>RepeatCount</Id>
              </ColumnInfo>
              <ColumnInfo Index="36" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Ticket ID</Name>
                <Id>TicketId</Id>
              </ColumnInfo>
            </Presentation>
            <Target />
          </View>
          <View ID="View_c403cd82dc274b86a3d156dd63c9723e" Accessibility="Public" Enabled="true" Target="SystemLibrary6172210!System.Entity" TypeID="SystemCenter!Microsoft.SystemCenter.AlertViewType" Visible="true">
            <Category>Operations</Category>
            <Criteria>
              <Name>Logoff Detection</Name>
            </Criteria>
            <Presentation>
              <ColumnInfo Index="0" SortIndex="0" Width="22" Grouped="true" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Severity</Name>
                <Id>Severity</Id>
              </ColumnInfo>
              <ColumnInfo Index="1" SortIndex="-1" Width="54" Grouped="false" Sorted="false" IsSortable="false" Visible="true" SortOrder="Ascending">
                <Name>Icon</Name>
                <Id>Icon</Id>
              </ColumnInfo>
              <ColumnInfo Index="2" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Path</Name>
                <Id>MonitoringObjectPath</Id>
              </ColumnInfo>
              <ColumnInfo Index="3" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Source</Name>
                <Id>MonitoringObjectDisplayName</Id>
              </ColumnInfo>
              <ColumnInfo Index="4" SortIndex="-1" Width="22" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Maintenance Mode</Name>
                <Id>MonitoringObjectInMaintenanceMode</Id>
              </ColumnInfo>
              <ColumnInfo Index="5" SortIndex="-1" Width="250" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Name</Name>
                <Id>Name</Id>
              </ColumnInfo>
              <ColumnInfo Index="6" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Resolution State</Name>
                <Id>ResolutionState</Id>
              </ColumnInfo>
              <ColumnInfo Index="7" SortIndex="-1" Width="150" Grouped="false" Sorted="false" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Created</Name>
                <Id>TimeRaised</Id>
              </ColumnInfo>
              <ColumnInfo Index="8" SortIndex="1" Width="100" Grouped="false" Sorted="true" IsSortable="true" Visible="true" SortOrder="Ascending">
                <Name>Age</Name>
                <Id>Age</Id>
              </ColumnInfo>
              <ColumnInfo Index="9" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Type</Name>
                <Id>Category</Id>
              </ColumnInfo>
              <ColumnInfo Index="10" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Owner</Name>
                <Id>Owner</Id>
              </ColumnInfo>
              <ColumnInfo Index="11" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Priority</Name>
                <Id>Priority</Id>
              </ColumnInfo>
              <ColumnInfo Index="12" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Latency</Name>
                <Id>Latency</Id>
              </ColumnInfo>
              <ColumnInfo Index="13" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Description</Name>
                <Id>Description</Id>
              </ColumnInfo>
              <ColumnInfo Index="14" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Connector</Name>
                <Id>ConnectorId</Id>
              </ColumnInfo>
              <ColumnInfo Index="15" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Forwarding Status</Name>
                <Id>ConnectorStatus</Id>
              </ColumnInfo>
              <ColumnInfo Index="16" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Class</Name>
                <Id>Class</Id>
              </ColumnInfo>
              <ColumnInfo Index="17" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Time in State</Name>
                <Id>TimeInState</Id>
              </ColumnInfo>
              <ColumnInfo Index="18" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 1</Name>
                <Id>CustomField1</Id>
              </ColumnInfo>
              <ColumnInfo Index="19" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 2</Name>
                <Id>CustomField2</Id>
              </ColumnInfo>
              <ColumnInfo Index="20" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 3</Name>
                <Id>CustomField3</Id>
              </ColumnInfo>
              <ColumnInfo Index="21" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 4</Name>
                <Id>CustomField4</Id>
              </ColumnInfo>
              <ColumnInfo Index="22" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 5</Name>
                <Id>CustomField5</Id>
              </ColumnInfo>
              <ColumnInfo Index="23" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 6</Name>
                <Id>CustomField6</Id>
              </ColumnInfo>
              <ColumnInfo Index="24" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 7</Name>
                <Id>CustomField7</Id>
              </ColumnInfo>
              <ColumnInfo Index="25" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 8</Name>
                <Id>CustomField8</Id>
              </ColumnInfo>
              <ColumnInfo Index="26" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 9</Name>
                <Id>CustomField9</Id>
              </ColumnInfo>
              <ColumnInfo Index="27" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Custom Field 10</Name>
                <Id>CustomField10</Id>
              </ColumnInfo>
              <ColumnInfo Index="28" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Resolved By</Name>
                <Id>ResolvedBy</Id>
              </ColumnInfo>
              <ColumnInfo Index="29" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Time Resolved</Name>
                <Id>TimeResolved</Id>
              </ColumnInfo>
              <ColumnInfo Index="30" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Last State Change</Name>
                <Id>TimeResolutionStateLastModified</Id>
              </ColumnInfo>
              <ColumnInfo Index="31" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Last Modified</Name>
                <Id>LastModified</Id>
              </ColumnInfo>
              <ColumnInfo Index="32" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Last Modified By</Name>
                <Id>LastModifiedBy</Id>
              </ColumnInfo>
              <ColumnInfo Index="33" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Management Group</Name>
                <Id>ManagementGroup</Id>
              </ColumnInfo>
              <ColumnInfo Index="34" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Site</Name>
                <Id>SiteName</Id>
              </ColumnInfo>
              <ColumnInfo Index="35" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Repeat Count</Name>
                <Id>RepeatCount</Id>
              </ColumnInfo>
              <ColumnInfo Index="36" SortIndex="-1" Width="100" Grouped="false" Sorted="false" IsSortable="true" Visible="false" SortOrder="Ascending">
                <Name>Ticket ID</Name>
                <Id>TicketId</Id>
              </ColumnInfo>
            </Presentation>
            <Target />
          </View>
        </Views>
        <Folders>
          <Folder ID="Folder_fb665fba868244d18728c178c8280c14" Accessibility="Public" ParentFolder="SystemCenter!Microsoft.SystemCenter.Monitoring.ViewFolder.Root" />
        </Folders>
        <FolderItems>
          <FolderItem ElementID="View_0879553b11694b388beaf641ea3900f5" ID="View_0879553b11694b388beaf641ea3900f5" Folder="Folder_fb665fba868244d18728c178c8280c14" />
          <FolderItem ElementID="View_c403cd82dc274b86a3d156dd63c9723e" ID="View_c403cd82dc274b86a3d156dd63c9723e" Folder="Folder_fb665fba868244d18728c178c8280c14" />
        </FolderItems>
        <StringResources>
          <StringResource ID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01.AlertMessage" />
          <StringResource ID="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5.AlertMessage" />
        </StringResources>
      </Presentation>
      <LanguagePacks>
        <LanguagePack ID="ENU" IsDefault="false">
          <DisplayStrings>
            <DisplayString ElementID="Windows.Logon.Mp">
              <Name>Windows Logon Mp</Name>
            </DisplayString>
            <DisplayString ElementID="Folder_fb665fba868244d18728c178c8280c14">
              <Name>Windows Logon Mp</Name>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01">
              <Name>Logon Detection</Name>
              <Description>Logon Detection</Description>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01.AlertMessage">
              <Name>Logon Detection</Name>
              <Description>Event Description: {0}</Description>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01" SubElementID="DS">
              <Name>DS</Name>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01" SubElementID="Alert">
              <Name>Alert</Name>
            </DisplayString>
            <DisplayString ElementID="View_0879553b11694b388beaf641ea3900f5">
              <Name>Logon Detection</Name>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5">
              <Name>Logoff Detection</Name>
              <Description>Logoff Detection</Description>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5.AlertMessage">
              <Name>Logoff Detection</Name>
              <Description>Event Description: {0}</Description>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5" SubElementID="Alert">
              <Name>Alert</Name>
            </DisplayString>
            <DisplayString ElementID="MomUIGeneratedRule263d90bcdfc3431ca906a1c47ac539c5" SubElementID="DS">
              <Name>DS</Name>
            </DisplayString>
            <DisplayString ElementID="View_c403cd82dc274b86a3d156dd63c9723e">
              <Name>Logoff Detection</Name>
            </DisplayString>
          </DisplayStrings>
          <KnowledgeArticles>
            <KnowledgeArticle ElementID="MomUIGeneratedRule808f484d939840d5a59173bc6a6d9e01" Visible="true">
              <MamlContent>
                <maml:section xmlns:maml="http://schemas.microsoft.com/maml/2004/10">
                  <maml:title>Summary</maml:title>
                  <maml:para>This Rule is part of Windows Logon Mp.In this rule we got alerts when on computer  user logon.</maml:para>
                </maml:section>
              </MamlContent>
            </KnowledgeArticle>
          </KnowledgeArticles>
        </LanguagePack>
      </LanguagePacks>
    </ManagementPack>

    any updates will be add here.

    for working with management pack you need open Operation Console >>Go to Autoring Tab >>Rules

    set scope Windows Computers  then Type:Windows Client XP Computer

    and on Rules create overide  : Overrides> Overrides the Rule>>For a specific object of Class windows Client XP computer

    then add your computer you need to monitoring.

    Monday, June 25, 2012 7:12 AM