Windows optimize

Take advantage of Vista's Event Viewer and Task Scheduler integration

In this edition of the Windows Vista Report, Greg Shultz shows you how to take advantage of the Event Viewer and Task Scheduler integration feature.

The EventTriggers command in Microsoft Windows XP would allow you to configure your system to provide notifications when certain events were recorded in one of the operating system's log files. While this was an extremely handy command to have in your troubleshooting arsenal, the fact that it was a command-line tool that had to be configured with a bewildering number of special parameters made using it a bit daunting. However, if you were able to master and use the EventTriggers command in Windows XP, chances are that you really appreciated the convenience it provided.

If you have moved to Windows Vista, you may have shelled out to a command prompt and attempted to run the EventTriggers command. If you have, you have undoubtedly discovered that the EventTriggers command is not included with Vista.

The reason that Microsoft removed the EventTriggers command from Vista is because they have replaced it with a totally new mechanism that integrates Task Scheduler with Event Viewer such that you can now attach a task directly to the event and then configure the task to perform any one of several operations whenever the event occurs and is logged in Event Viewer.

In this edition of the Windows Vista Report, I'll show you how to take advantage of this new Event Viewer and Task Scheduler integration feature.

This blog post is also available in PDF format in a TechRepublic download.

Getting started

To begin, right-click on the Computer icon and select the Manage command. When the Computer Management window appears, locate and open the Event Viewer branch in the Console Tree. Then, open the log that contains the event that you want to keep tabs on. Once you locate the event, simply right-click on it and select the Attach Task To This Event command, as shown in Figure A.

Figure A

When you right-click on any event, you'll see that the context menu allows you to associate the event with a task.
You'll then see the Create Basic Task wizard, shown in Figure B. As you can see, this is pretty much the same wizard that Task Scheduler provides except that it is specifically targeted on events in Event Viewer. At this point, you can provide a name for the task as well as a detailed description.

Figure B

A version of Task Scheduler's Create a Basic Task wizard appears that is targeted on the event you selected.
When you click Next, you'll see the When a Specific Event Is Logged screen, shown in Figure C. Since the task is already targeted on the event that you selected, there are no settings that you can configure on this page, simply click the Next button.

Figure C

The settings on this part of the wizard are preconfigured.
You'll now see the Action screen, shown in Figure D, and can choose from one of the three actions displayed. As you can see, you can Start a Program, Send an E-mail, or Display a Message.

Figure D

There are three actions that you can associate with the event in question.

Start a program

If you select the Start a Program option and then click Next, you'll see the Start a Program screen, shown in Figure E. You can click the Browse button and then locate and select any executable file, a batch file, or a script. If you're running a command-line tool, you can specify any parameters in the Add Arguments text box. You can even specify the directory in which you want the program to launch in the Start In text box.

Figure E

You can have the task run any executable file, batch file, or even a script.
When you click Next, you'll see the Summary screen, shown in Figure F, which lists all the details about the task that you just created. If you want to see the Properties dialog box for the task, be sure to select the check box.

Figure F

The Summary screen allows you to double-check your settings before you commit.
When you click Finish, you'll see an informational message box like the one shown in Figure G. As you can see, this message tells you that the Event Task that you just created is stored in Task Scheduler and that if you want to alter the task, you can do so from within Task Scheduler. How's that for integration?

Figure G

The Event Task is stored and can be altered in Task Scheduler.

Send an e-mail

Now, if you select the Send an E-mail option and then click Next, you'll see the Send an E-mail screen, shown in Figure H. As you can see, everything that you would need to compose a message in an e-mail is just where you would expect. You can even add an attachment if you want!

Figure H

Everything that you would expect in an e-mail client's compose a message window is available here.

At the very bottom you can specify the name of the SMTP server to use to send the e-mail.

Display a message

If you select the Display a Message option and then click Next, you'll see the Display a Message screen, shown in Figure I. As you can imagine, this feature allows you to essentially create your own warning dialog box. You simply give it a title and as detailed a message as you want.

Figure I

You can now give those silent and often deadly events a real voice with a custom message box.

If you've ever looked through the Event Viewer logs and discovered a dangerous event occurring at regular intervals that you'd never know about unless you looked in Event Viewer, then you will immediately recognize the benefit of the Display a Message option. Now, you can give those silent and often "deadly over time if left unattended" events a real voice.

What's your take?

What's your take on the Event Viewer and Task Scheduler integration feature? Did you use the old EventTriggers command in Windows XP? Are you likely to take advantage of this new feature? Please drop by the Discussion Area and let us hear from you.

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

8 comments
movrshakr
movrshakr

Both Task Scheduler and Event Viewer in my Vista are presenting the error message "MMC has detected an error in a snap-in and will unload it" on any attempt to open them. One side effect is that I get none of the routine restore points created. How can this be fixed?

aspemail
aspemail

1. Can you please add some notes on limitations 2. Will it be smart enough to identify duplicates 3. Where can I get more information (Summary Report) about what are total number of EventTriggers added to the system to ensure duplicates are not created

bill_morphis
bill_morphis

Learn something new everyday. Just looking through the log file I see events that have taken place I wasn't even aware of. Very nice to know. Thanks!

RShady
RShady

This article is fine. But when events are not being recorded and you try to start the Windows Event collector in Services, you get an Event Collector Service Error 1079 (Windows could not start the Windows Event Collector service on local computer), AND an Event Log Service Error 4201 (Windows could not start the Windows Event Log Service on local computer). This has been the case since installing Vista Ultimate. Does anyone have a remedy for this?

Mark W. Kaelin
Mark W. Kaelin

This blog post explains one way to monitor your network for trouble inducing events, but it is not the only way. How do you monitor your network? Do, or did, you use the old EventTriggers command in Windows XP? Are you likely to take advantage of this new Windows Vista feature?

Greg Shultz
Greg Shultz

I found lot of reports of this problem on the Web and very few answers. However, I did find a step-bystep set of instructions titled "How to Fix the Event Viewer 4201 Error in Vista" on the Vista Forums Web site. http://www.vistax64.com/tutorials/110886-event-viewer-error-4201-a.html I don't have this problem and so have no way of verifying this solution, so please let us know if you have success in getting Event Viewer back up and running.

Chained
Chained

I believe this is a WMI issue. I found a post from Uncle Chachi (I don't know him but give him the credit) which said to change the owner of the %windir%\System32\Logfiles folder and all children to the Admin group. There is also this link http://www.vistax64.com/tutorials/110886-event-viewer-error-4201-a.html The last two options in this article is to do a System Restore, which I never liked, and running Vista repair. I prefer the repair option. Please post your results.

RShady
RShady

I have absolutely no desire of re-installing Vista, repair is iffy. I'll call Microsoft instead.