SCOM: (Un)sealing a Management Pack

Written by Ingmar Verheij on April 5th, 2011. Posted in Operations Manager

System Center Operations Manager (SCOM) uses Management Packs to discover, monitor and collect data about product. Usually a Management Pack is used per product such as Exchange 2003, Exchange 2010, SQL 2008, etc. Commercial management packs are sealed, which means you can’t edit the content of the management pack

Unsealing a management pack

In some cases it might me necessary to change a sealed management pack to suit your needs. Before the sealed management pack can be changed it needs to be unsealed.

This can easily be done with a PowerShell script (run on a SCOM server):

SYNTAX: MptoXml.ps1

Example: .MpToXml.ps1 C:SoftwareMPssealed C:SoftwareMPsunsealed


$MPs = Get-ChildItem $mpFilePath -recurse -include *.mp

$assembly = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.EnterpriseManagement.OperationsManager")| out-null

foreach ($mp in $MPs){

    $mgmtpack = new-object Microsoft.EnterpriseManagement.Configuration.ManagementPack($mp)

    $mpWriter = new-object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackXmlWriter($outputDirectory)



Source: Pete Zerger


Downside of unsealing a management pack is you can’t reference objects of an unsealed management pack, for instance in a distributed application. So after changing the contents of the management pack it needs to be sealed again. Sealing a management pack is done with a certificate. Since you don’t own the certificate of the vendor you need to supply your own.

Keep in mind that this is not recommend from the perspective of the vendor and that updates of the management packs are not installed. Try to use ovverride’s as much as possible.

Sealing a management pack

If you created your own management pack, of customized a vendor management pack, you can seal the management pack using basic tools.

In order to seal a management pack there are a couple of prerequisites:

For key generation (one of the following):

  • Business Intelligence Development Studio (2005);
  • Microsoft Visual Studio 2005;
  • .NET Framework SDK, link.

For sealing a management (one of the following):

  • MPSeal.exe (part of SCOM support tools);
  • SCOM 2007 R2 Authoring Console (recommended).


Creating the key(for signing) is done in three easy steps

1) Create a key pair : sn.exe –k <path>KeyPair.snk


2) Extract the public key : sn.exe –p <path>KeyPair.snk <path>PublicKey


3) Create a key pair : sn.exe –to <path>PublicKey



The next step, sealing the management pack, is a lot easier. Open the management pack in the SCOM 2007 R2 Authoring Console and follow these (again) three easy steps:

1) Select File > Save As > Sealed and Signed Managemend Pack


2) Give the Management Pack the suggested name (this is important!)

3) Specify the name of the company, copyright and the KeyPair you created earlier.



Ingmar Verheij

Ingmar Verheij

At the time Ingmar wrote this article he worked for PepperByte as a Senior Consultant (up to May 2014). His work consisted of designing, migrating and troubleshooting Microsoft and Citrix infrastructures. He was working with technologies like Microsoft RDS, user environment management and (performance) monitoring. Ingmar is User Group leader of the Dutch Citrix User Group (DuCUG). RES Software named Ingmar RES Software Valued Professional in 2014.

More Posts - Website

Follow Me:
TwitterLinkedInGoogle Plus

Tags: , , , , ,

Comments (1)

  • Manoj Singh
    5 September 2013 at 16:11 |

    Nice post

Leave a comment



%d bloggers like this: