Using Windows Server 2008 system triggers

Source: Internet
Author: User
Tags: system log


The Windows Server 2008 event log records many of the important things that occur on the server, such as network access, system logins, program runs, and resource calls. Each record includes an event description, an event source, an event type, and so on. By analyzing these events, a network administrator can not only understand the running state of the server but also deal with threats in time to keep the server secure. However, the administrator has to open the event log manually each time to see what is happening on the server. If something important happens, can Windows Server 2008 automatically pop up a prompt to alert the administrator? The answer is yes. We can use the triggers in Windows Server 2008 to have the server automatically notify the administrator of important events, without having to review the system log files manually each time.

Create a new Trigger task

A trigger task in Windows Server 2008 is created from a specific event. We first need the system to record the behavior in question and generate an event, and then attach the trigger task to that event through the system's newly added attach-task function. When the same event occurs again, the trigger task runs automatically and informs the network administrator of what has happened on the server.

By default, Windows Server 2008 does not record such behavior automatically; we must enable auditing for the specific behavior so that Event Viewer can track it. For example, to have Event Viewer record that a user account was maliciously deleted, click Start/Settings/Control Panel and double-click the Administrative Tools icon in the Control Panel window that opens. Then, in the list of administrative tools, double-click Local Security Policy to open the Local Security Policy window.

In the left pane of that window, expand the Security Policy/Audit Policy branch, and then, under the Audit Policy branch, double-click Audit account management to open the settings dialog box shown in Figure 1. Select the Local Security Settings tab, select Success or Failure on that tab, and click OK. Windows Server 2008 then automatically tracks and records events in which user accounts are added or deleted.

Once auditing is enabled for the specified operation, Windows Server 2008 automatically records the associated events in the corresponding log file. For example, when a user account is secretly deleted, a corresponding record appears automatically in the Windows Server 2008 log. To look at this record, open the Start menu, click Settings, Control Panel, System and Maintenance, and Administrative Tools in turn, and then click the Event Viewer icon in the Administrative Tools window that opens. In the Event Viewer console, expand the Windows Logs node in the left pane to see the different categories of events, such as System, Security, Application, Forwarded Events, and Setup. Double-click a specific event record under a category to open its details view, where we can see the source of the event, the event ID, and other descriptive information.

However, viewing event records manually every time is cumbersome, and it makes it very difficult for the network administrator to learn about important events on the server as soon as they happen. Instead, we can attach a trigger task to a particular event; when the same event record is generated again, the Windows Server 2008 trigger automatically runs the specified scheduled task. Through this task we can automatically notify the network administrator of the event, and on receiving the notification the administrator can take timely measures to resolve the security problem on the server.

To create a new trigger task, first find the specific event record in the Event Viewer window, for example the record showing that a user account was deleted. Right-click the record and click the Attach Task To This Event command on the shortcut menu to open the trigger task creation wizard. Follow the wizard prompts to set the name of the new task, and then select an appropriate trigger method. Windows Server 2008 offers three trigger methods: display a message, send an e-mail, or start an application. Select one, set the specific trigger content, and finally click the Finish button to finish creating the new trigger task.
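
The same procedure from an elevated PowerShell prompt, as an added example that is not part of the original article. It assumes event ID 4726 ("A user account was deleted") is the event of interest and that both Success and Failure auditing are wanted; the task name and the notifier script path are hypothetical placeholders.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Assumptions: event ID 4726 ("A user account was deleted"); the task name and
# the notifier script path below are hypothetical placeholders.
$eventId  = 4726
$taskName = 'Alert-UserAccountDeleted'      # hypothetical task name
$notifier = 'C:\Scripts\Notify-Admin.cmd'   # hypothetical script that alerts the admin

# Step 1: enable auditing for account management (success and failure),
# the command-line counterpart of the "Audit account management" policy.
auditpol.exe /set /category:"Account Management" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

# Step 2: create a task whose trigger is the event itself.
#   /SC ONEVENT  event-based trigger
#   /EC          event channel (log) to watch
#   /MO          XPath filter selecting the event ID
#   /F           overwrite an existing task of the same name
$filter = "*[System[(EventID=$eventId)]]"
schtasks.exe /Create /TN $taskName /SC ONEVENT /EC Security /MO $filter /TR $notifier /F
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# Step 3: confirm the audit setting and the task definition.
auditpol.exe /get /category:"Account Management"
schtasks.exe /Query /TN $taskName /V /FO LIST
```

Without /RU the task runs under the account that created it, so check that this account can run the notifier when nobody is logged on.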

Manage existing trigger tasks

Trigger tasks that have been created successfully appear automatically in the list of scheduled tasks in Windows Server 2008. In the Task Scheduler window we can manage and configure them as we wish. To manage an existing trigger task, follow these steps:

First, log on to Windows Server 2008 with system administrator privileges, and on the desktop click Start/Programs/Accessories/System Tools/Task Scheduler to open the Task Scheduler window.

Next, in the left pane of the window, expand the Task Scheduler Library/Microsoft/Event Viewer Tasks branch. Under the Event Viewer Tasks branch we will see all the trigger tasks that have been created successfully on the Windows Server 2008 system.

Here we can modify the parameters of each trigger task. For example, to change how a task is triggered, right-click the specific trigger task and run the Properties command from the right-click menu shown in Figure 2 to open the Properties window for that task.

On the General tab of the Properties window, we can specify the running options for the trigger task, such as whether to run the task when a user logs on to the system or regardless of whether a user is logged on. For some special trigger tasks we sometimes also need to select the "Run with highest privileges" option here, to ensure that the actions defined in the task execute successfully on Windows Server 2008.

On the Triggers tab, click the New button to create a new trigger. Click the Edit button to make advanced settings for the currently selected trigger, such as the task delay time, the repeat interval, and the expiration date. Click the Delete button to remove unwanted triggers from the Windows Server 2008 system.

On the Actions tab, we can see which trigger method the task is using. To switch to a different one, select the trigger method currently in use, click the Delete button to delete it, and then click the New button to create a new trigger method. We can also click the Edit button here to modify some of the parameters currently in use, such as the trigger title, the trigger content, or the choice of trigger method.

On the Criteria tab, we can specify the conditions that, together with the trigger, determine whether the task should run. If a condition set here is not met, the trigger task will not run automatically. For example, we can set how long the local computer must be idle before the task runs automatically. We can also set the task to start only when the local computer is on AC power, or only when a specified network connection is active (as shown in Figure 3).

On the Settings tab, we can specify some additional settings that affect the trigger task. For example, we can set how long to wait before restarting the task when it fails, or specify that a task that runs longer than a given time is stopped automatically.
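
The same review can be done from PowerShell through the Task Scheduler COM interface, shown here as an added example that is not part of the original article. It lists each task in one folder with its event subscription, run level, and action, so that an unexpected action or a task running with highest privileges stands out. The folder path is an assumption; set it to the folder where the tasks appear on your server.

```powershell
# Added example, not from the original article. Requires PowerShell 2.0 or later.
# Assumption: the folder path below; change it to match Task Scheduler on your server.
$folderPath = '\Event Viewer Tasks'

$service = New-Object -ComObject Schedule.Service
$service.Connect()                       # connect to the local Task Scheduler service
$folder = $service.GetFolder($folderPath)

$report = foreach ($task in $folder.GetTasks(1)) {   # 1 = include hidden tasks
    $def = $task.Definition

    # Trigger type 0 is an event trigger; Subscription holds its event query XML.
    $queries = @()
    foreach ($trigger in $def.Triggers) {
        if ($trigger.Type -eq 0) { $queries += $trigger.Subscription }
    }

    # Action types: 0 = start a program, 6 = send e-mail, 7 = display a message.
    $actions = @()
    foreach ($action in $def.Actions) {
        switch ($action.Type) {
            0       { $actions += "Program: $($action.Path) $($action.Arguments)" }
            6       { $actions += "E-mail to: $($action.To)" }
            7       { $actions += "Message: $($action.Title)" }
            default { $actions += "Other action type $($action.Type)" }
        }
    }

    New-Object PSObject -Property @{
        Name          = $task.Name
        Enabled       = $task.Enabled
        # RunLevel 1 corresponds to the "Run with highest privileges" option.
        HighestPriv   = ($def.Principal.RunLevel -eq 1)
        RunAs         = $def.Principal.UserId
        EventQueries  = ($queries -join '; ')
        Actions       = ($actions -join '; ')
    }
}

$report | Select-Object Name, Enabled, HighestPriv, RunAs, Actions, EventQueries | Format-List
```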
