When you manage events, you often wish you could
generate automatic actions when specific events occur. For example, it
would be nice if you could automatically delete temporary files and send
a notification to desktop technicians when PC disk drives get too full.
Or, it would be nice if you could receive automatic notification when
unauthorized users try to log on to workstations that contain access to
highly sensitive or confidential information. Or even better, display a
message telling users they are trying to access unauthorized systems and
then send an e-mail to appropriate authorities. All of these things are
now possible in Windows Vista.
Linking events to automated tasks is a very straightforward process. It can be done in one of three ways:
When you create either a basic or an advanced
task in the Task Scheduler, you can select an event as the trigger for
the task. Use the following procedure:
Create a new task from the Action menu. Choose Action =>
Create Task.
Name the task and set the credentials under which the task will run.
Move to the Trigger tab and click New. Select On an event as the task trigger from the drop-down list.
Choose either Basic or Custom as the event setting.
Basic
settings let you select which Event Log will be the source of the
event, then which event source and finally, which event ID to look for.
Custom
settings let you create an Event Filter, letting you determine exactly
how the task should be launched based on a series of filtered
conditions.
Then continue adding the task properties such as conditions, actions, and settings.
It gets even better when you generate the task
from the Event Viewer. Here you repeat much the same process, except
that the task is generated from the event itself instead of the other
way around.
When you create an automated task from the Event Viewer, use the following procedure:
Locate the event to which you want to attach the task. You can either drill down to the event or create a filter to locate the event.
Right-click on the event to select Attach Task To This Event or use the Action pane to click on the same command. This option automatically launches the Basic Task wizard.
Run through the wizard's panes to generate the task.
The advantage of using this method to create the
task is that it automatically fills in all of the information required
to generate the trigger from the event. The disadvantage is that you can
only create a basic task using this method. Of course, after the task
is created, you can go to the Task Scheduler to add features and
properties to the task, but this requires more steps to do so.
The last method is to use the command line to link a task to an event. To do so, you need the following values:
These values can be obtained either through the
Event Viewer or through the wevtutil.exe command by using the proper
switches. For example, you might use:
wevtutil qe Security /c:n /rd:true /f:text
This command would query the Security Event Log to obtain the latest events by reversing the list of events /rd:true and displaying then in text format /f:text as opposed to the default XML format. In this command line, the value for n should be a number indicating how many events you want returned by the command.
Then, after you have the values you need, you can
use the Task Scheduler command to generate the task. For example, you
might use:
schtasks /create /TN taskname /TR action /SC ONEVENT /EC System /
MO *[System/EventID=IDnumber]
Where "taskname" is the name you want to assign
to the task, "action" is the action to perform or command to execute,
and "IDnumber" is the ID number of the event, which will act as a
trigger for the task.
In this example, the source Event Log is the
System log. The task schedule is based on the occurrence of the event
and is modified to identify the event ID.
As you can see, the combination of the Event Log
with the Task Scheduler opens the door for several system management
activities. And, because Vista offers a much more detailed and rich
event management structure, the possibilities are endless. Tasks can be
generated on one machine and exported in XML format to be imported to
any other system.
