Assigning Custom Tasks to Events in Vista

As mentioned earlier in my “Working with Vista’s new Event Viewer" and "Working with Filtering and Custom Views in the Vista Event Viewer" articles, the new Event Viewer in Windows Vista and Windows Server 2008 has been totally re-designed and now offers a much wider administrative capabilities.

One of the features of the new Event Viewer is the ability to easily assign custom tasks to events that are logged to any one of the logs. Although this feature has been possible in Windows XP and Windows Server 2003 by using the EVENTTRIGGERS command-line application, assigning tasks to events is now so simple that I fear we will all get too used to it…

Note: Although assigning tasks to events is a nice thing to have, I would like to remind you that this is not a true monitoring and reporting replacement. Tools like MOM and other monitoring software will perform much better than the simple tasks one would assign to any given event.

Assigning a custom task to an event

1. Open Computer Management by right-clicking the Computer icon on the start menu (or on the Desktop if you have it enabled) and select Manage. Navigate to the Event Viewer. Note: If you did not disable UAC (read my “Disable User Account Control in Windows Vista” article) then you will be prompted to consent to the action you’re about to perform. Click Continue. Note: You can also open the Event Viewer by typing Event Viewer in the Search box and pressing Enter, or typing eventvwr.msc in the Run command.
2. In the console tree, navigate to and select an event log. Note: You cannot assign a task to an event in a saved log.
3. Right-click the event and select Attach Task to This Event.  
4. In the Create Basic Task wizard, type a name and description, then click Next.  
5. In the When a Specific Event is Logged windows click Next.  
6. In the Action window you can select any of the following 3 options (you can change the action later, and even add more actions to the same event):
   • Start a program – Such as a batch file, an Anti-Virus scanner or other.  
   • Send an e-mail – To yourself or anyone else, and you can also specify the name or IP of the mail server.  
   • Display a message – A pop-up message on the machine’s screen.  
7. In the Summary window click Finish.

Testing the custom task

1. Open Computer Management by right-clicking the Computer icon on the start menu (or on the Desktop if you have it enabled) and select Manage. Navigate to the Task Scheduler. Note: If you did not disable UAC (read my “Disable User Account Control in Windows Vista” article) then you will be prompted to consent to the action you’re about to perform. Click Continue. Note: You can also open the Task Scheduler by typing Task Scheduler in the Search box and pressing Enter, or typing taskschd.msc in the Run command.
2. In the console tree, navigate to Task Scheduler Library > Event Viewer Tasks.
3. Note that the new event task is located in the central pane. Right-click in and select Run, or press the Run command on the right pane.  
4. Note that the task (in this case a message window) has been run successfully.

Changing the properties of the custom task

Changing the properties of the custom task might be useful when you need to change any setting assigned for the task, such as the type of Event ID, action, schedule or other settings.

To change the properties of the custom task:

1. In Task Scheduler > Task Scheduler Library > Event Viewer Tasks right-click the custom task, or press the Properties command on the right pane.  
2. In the Actions tab note that you can change, remove, or add the custom action to perform when the event is logged.  
3. In the Triggers tab you can change many settings, including when the task should not run, when it should expire and other settings.  

Summary

Running a custom task for any given error, warning, or security audit failure even that is logged on your computer is a highly effective way of keeping track of the problematic events you might be looking for, and is a huge improvement over previous versions of the Event Viewer snap-in.

Related Articles

• Can I quickly view other computer’s Event Logs?
• Working with Vista’s new Event Viewer
• Working with Filtering and Custom Views in the Vista Event Viewer

Got a question? Post it on our Windows Vista Forums!