Application of Windows 2008 trigger function

Source: Internet
Author: User

First, create a new trigger task

A trigger task in Windows Server 2008 is created from a specific event. We first need the system to record the activity of interest and generate an event, and then attach the trigger task to that event using the system's newly added attach-task function. When the same event occurs again, the trigger task runs automatically and tells the network administrator what important event has occurred on the server.

By default, Windows Server 2008 does not record such activity automatically; we must enable auditing for it so that Event Viewer can track it. For example, to have Event Viewer record that a user account was maliciously deleted, click Start/Settings/Control Panel and double-click the Administrative Tools icon in the Control Panel window. Then, in the list of administrative tools, double-click the Local Security Policy option to open the Local Security Policy window.

In the left pane of that window, expand the Security Policy/Audit Policy branch, then double-click the Audit account management option under Audit Policy to open its settings dialog box. Select the Local Security Settings tab, select the Success or Failure option on that tab page, and click OK. From then on, Windows Server 2008 automatically tracks and records events for the addition or deletion of user accounts.

Once auditing is enabled for the specified operation, Windows Server 2008 automatically records the associated events in the corresponding log. For example, if a user account is secretly deleted, a matching record appears automatically in the system's log. To view this record, open the Start menu, click Settings, Control Panel, System and Maintenance, and Administrative Tools in turn, and then click the Event Viewer icon in the Administrative Tools list to open the Event Viewer console. Expand the Windows Logs node in the left pane to see the different categories of events, such as System, Security, Application, Forwarded Events, and Setup. Double-clicking a specific event record under a category opens its details page, where we can see the event source, the event ID, and other descriptive information.

However, checking event records by hand every time is cumbersome, and it makes it very hard for network administrators to learn promptly that something important has happened on the server. To solve this, we can attach a trigger task to a particular event. When the same event record is generated again, the Windows Server 2008 trigger fires automatically and runs the specified scheduled task. Through this task the event can be reported to the network administrator automatically, and the administrator, on receiving the notification, can take timely measures to resolve the server's security problem.

To create a new trigger task, first find the specific event record in the Event Viewer window, for example the record showing that a user account was deleted. Right-click the record and click the Attach task to this event command in the shortcut menu to open the trigger task creation wizard. Follow the wizard prompts to enter a name for the new task, and then select a triggering method. Windows Server 2008 offers three: display a message, send an e-mail, or start an application. Then set the specific content for that method, and finally click the Finish button to finish creating the new trigger task.

Second, manage existing trigger tasks

Trigger tasks that were created successfully appear automatically in the system's list of scheduled tasks. In the Task Scheduler window we can manage and configure them as needed. To manage an existing trigger task, follow these steps:

First, log in to Windows Server 2008 with system administrator privileges, click Start/Program/Attachment/System Tools/Task Scheduler on the desktop, and open the Task Scheduler window.

Next, in the left pane of the window, expand the Task Scheduler Library/Microsoft/Event Viewer Tasks branch. In the middle pane for the Event Viewer Tasks branch we will see all the trigger tasks that have been created successfully on the Windows Server 2008 system.

Here we can modify the parameters of each trigger task. For example, to modify the trigger of a scheduled task, right-click the trigger task, choose the "Properties" command from the shortcut menu, and open the property settings window for that task.

On the General tab page of the settings window, we can specify the run options for the task, such as whether it runs only when the user is logged on or whether it runs regardless of whether the user is logged on. For some special trigger tasks we sometimes also need to select the "Run with highest privilege" option here, to ensure that the actions defined in the task execute successfully on the Windows Server 2008 system.

On the Triggers tab page, clicking the New button creates a new trigger. Clicking the Edit button lets us make advanced settings for the currently selected trigger, such as the task delay time, the repeat interval, and the expiration date. Clicking the Delete button removes unwanted triggers from the Windows Server 2008 system.

On the Actions tab page, we can see which triggering method the task uses. To switch to a different one, select the method currently in use, click the Delete button to remove it, and then click the New button to create a new triggering method. We can also click the "Edit" button here to modify parameters of the method currently in use, such as the message title, the message content, or the choice of triggering method.

On the Criteria tab page, we can specify the conditions that, together with the trigger, determine whether the task should run. If a condition set here is not met, the trigger task is not executed automatically. For example, we can require the local computer to have been idle for a given time before the task runs, run the task only when the local computer is on AC power, or start the task only when a specified network connection is available.

On the Settings tab page, we can specify additional parameters that affect the trigger task. For example, we can set how long to wait before restarting the task when it fails, or specify that the task is stopped automatically if it runs longer than a given time.

Third, a practical application of the trigger

Using the trigger function, we can monitor the running state of a Windows Server 2008 server. Once an unexpected event occurs on the server, the trigger automatically notifies the server administrator of it, so that the administrator can act immediately and keep the server's operation from being affected.

For example, we can track account creation on a Windows Server 2008 system so that, when an illegal account is created, the network administrator receives an alert in a timely manner. To set up this monitoring, first open the Local Security Policy window, go to the Security Policy/Audit Policy/Audit account management option, and double-click it. Then select the Success or Failure option and click OK, so that Windows Server 2008 automatically tracks and records events for the addition or deletion of user accounts.

Next, right-click the Computer icon and run the Manage command from the shortcut menu to open the Computer Management window. In the left pane, select the Configure/Local Users and Groups/Users option, right-click it, and execute the "New user" command. Create an arbitrary new user account in the dialog box that pops up. An event for the creation of a new user account is then generated automatically in the Windows Server 2008 Event Viewer.

Now click Settings/Control Panel/System and Maintenance/Administrative Tools on the Start menu, and double-click the Event Viewer icon to open the Event Viewer console. Expand the Windows Logs node in the left pane, and from the System branch below it locate the new-user-account event that was just generated. Right-click the event, select the Attach task to this event command from the shortcut menu, and open the trigger task creation wizard. Follow the wizard prompts to set the new task name to "Monitor illegal create account", select display a message as the triggering method, and set the message content to "An account on the server system may have been illegally created". Finally, click the "Finish" button, and the "Monitor illegal create account" trigger task has been created successfully.

With the new trigger function in Windows Server 2008, whenever an illegal operation takes place, such as the system being attacked, alarm information automatically pops up on the server's screen, so that the network administrator learns about the state of the server right away.
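
The audit setting from the first section and the "Monitor illegal create account" task from the third can also be set up from an elevated PowerShell prompt with the built-in auditpol, schtasks and wevtutil tools. This is an added example, not part of the original article. It assumes the account-creation event is ID 4720 in the Security log, uses msg.exe as a stand-in for the wizard's display-a-message method, and runs the task as SYSTEM.

```powershell
# Added example: run from an elevated PowerShell prompt on the server.
# Assumptions (not from the article): event ID 4720 in the Security log,
# msg.exe as the pop-up mechanism, SYSTEM as the run-as account.

$taskName = 'Monitor illegal create account'   # task name used in the article
$eventLog = 'Security'                         # log that holds account-management audit events
$query    = '*[System[(EventID=4720)]]'        # XPath filter: a user account was created
$message  = 'An account on the server system may have been illegally created'

# Full path to msg.exe so the task cannot pick up a look-alike from the search path.
# No embedded quotes: msg.exe treats everything after the session name (*) as the text.
$action   = "$env:SystemRoot\System32\msg.exe * $message"

# 1. Enable success and failure auditing for account management
#    (the command-line counterpart of the "Audit account management" policy).
auditpol /set /category:"Account Management" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw 'auditpol failed; is the prompt elevated?' }

# 2. Create the event-triggered task. /SC ONEVENT with /EC (log) and /MO (XPath
#    filter) is what "Attach task to this event" builds in the GUI.
#    /F overwrites an existing task of the same name.
schtasks /Create /TN $taskName /SC ONEVENT /EC $eventLog /MO $query `
         /TR $action /RU SYSTEM /F
if ($LASTEXITCODE -ne 0) { throw 'schtasks could not create the task' }

# 3. Verify: show the effective audit setting, the task definition, and the
#    three most recent matching events (newest first).
auditpol /get /category:"Account Management"
schtasks /Query /TN $taskName /V /FO LIST
wevtutil qe $eventLog "/q:$query" /c:3 /rd:true /f:text
```

Creating a test account afterwards, as the article does, should produce a new matching event in the wevtutil output and a pop-up in every logged-on session.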
