A good number of management packs depend on an agent setting to enable proxy mode. Now this has nothing to do with using a browser to access the internet. This setting basically means that you allow the agent to forward data to the management server on behalf of another entity. For instance: a domain controller on behalf of the domain, an ISA server on behalf of the array, a cluster node on behalf of the cluster resources and so on. Each management pack guide will state if this setting is needed.
First of all, you can find this setting in the SCOM console in the administration pane -> agent managed. Open the properties of one of the agents and you will find the second tab (Security) which has a checkbox to enable “Allow this agent to act as a proxy and discover managed objects on other computers”.
Sometimes if you forget to set it and the agent is sending data on behalf of another entity you will get an alert. But in some cases you need to set this already to enable discovery of certain things, otherwise you will not get any alerts. So always read the management pack guide.
Alright, well perhaps you want to set the agent proxy through some automated way. This is where the fun stuff begins.
First of all there is a nice tool for this by Boris Yanushpolsky:
http://blogs.msdn.com/b/boris_yanushpolsky/archive/2007/08/02/enabling-proxying-for-agents.aspx
Next a command line tool by Clive Eastwood:
http://blogs.technet.com/b/cliveeastwood/archive/2007/08/30/operations-manager-2007-agent-proxy-command-line-tool-proxycfg.aspx
A PowerShell script that enables proxy agent based on a certain class by Jonathan Almquist:
http://blogs.technet.com/b/operationsmgr/archive/2009/09/29/enabling-agent-proxy-for-a-class-in-system-center-operations-manager-2007.aspx
A modification on this script with a few of the roles that you have to set the agent proxy for by Marc Klaver and Rob Korving:
http://jama00.wordpress.com/2010/01/21/setting-agent-proxying/
It is also possible that you just want to enable proxy on all agents. Keep in mind that there is a theoretical risk in this as any agent could potentially flood the management servers with data on behalf of other entities when somebody makes a malicious thing for this. I don’t see this happening very fast, but the risk is always there. In any case as half your machines need this setting to enable monitoring you might want to just turn it on for all of them and be done with it.
The quick way to do this is to open the Operations Manager Shell (it is in your start menu) and use the following command:
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True
For SCOM 2012:
People have been asking me if SCOM 2012 works the same way. Well I have not found the default setting yet, and of course the set-defaultsetting command is retired in 2012. SO whats left is for instance a command which gets all agents where proxy is set to disabled and you can feed it to the enable-scomagentproxy command as such:
Get-SCOMAgent | where {$_.ProxyingEnabled.Value -eq $False} | Enable-SCOMAgentProxy