Book Excerpt:

How to generate actions from events in Microsoft Vista

14 Aug 2007 | Administering Windows Vista Security: The Big Surprises - An excerpt from Chapter 1, "Administering Vista Security: The Little Surprises."


Microsoft Windows XP and 2003 brought a really nice feature called "event triggers." The idea was that you could use a command-line tool called "eventtriggers.exe" to instruct the Event Log service that if a particular kind of event occurred then the Event Log service would start the application of your choosing. Not many people seemed to discover it, but I wrote about it in a few magazine articles and suggested that you could build a pretty neat system for alerting you to problems in the network. There were three ingredients:

I put this all together by suggesting that if there were particular events that you were concerned about—say, an account lockout happened—then you could use eventtriggers.exe to tell the Event Log service, "If an account lockout happens, run such-and-such blat command line to send me an alert on my phone as a text message." It worked pretty nicely but was, admittedly, cumbersome. So the new "Attach task to event…" option is a real blessing.

To see this in action, open up the Application log and look at the events in it. If this is your first look into Vista's Event Viewer, look in the folder "Windows Logs"—it's probably already open, if not then open it—and notice that these logs bear the familiar names of Application, Security and System, as well as two new ones named "Setup" and "ForwardedEvents." Click the Application folder in the left-hand pane and in the right-hand pane (I always close the Action pane because I think you'd need a computer with a screen that isn't just in "landscape" mode, you'd need one in "panoramic mode" in order to make use of MMC 3.0's three panes) you'll see the events in that log.

Right-click any one of them and you'll see in the resulting context menu that you've got a new option, "Attach Task To This Event…"; click that, and you'll see a wizard page like the one in Figure 1.14.

Why a wizard? Well, as it turns out, Vista's Event Viewer offers you several options on how to respond. (They even simplified setting up my suggestion about e-mailing admins when an event occurs, as you'll see.) Click Next to see a figure like Figure 1.15.

First, as with eventtriggers.exe, you can specify any given application. Or you can send an email, or display a message on the server's desktop. I'll consider all three options in a moment, but for now, I'll click the radio button next to "Send an email" and then Next to see something like Figure 1.16.

Figure 1.14: Starting the Create Basic Task Wizard
[IMAGE]

Figure 1.15: Event viewer offers three kinds of responses
[IMAGE]

Figure 1.16: Setting up an email notification
[IMAGE]

This page looks very much as you'd expect, allowing you to punch in a from address, to address, subject and text. It even lets you add an attachment, which is a nice touch, and specify the name of the SMTP server to use to send the e-mail.

If I click Next, I get a summary screen like the one in Figure 1.17.

This is a nice summary of what's going to happen once I click Finish, although truthfully it's not necessary. An administrator can always modify or delete an event task, as you'd expect. Ah, but where you modify or delete that event task, that'll surprise you. When I click Finish, I get the message box in Figure 1.18.

Figure 1.17: Summarizing the trigger
[IMAGE]

Figure 1.18: Changes? Off to the task scheduler
[IMAGE]

This seems like a bad idea to me. Vista's user interface does a fairly decent job of providing what Microsoft has come to like calling "discoverability," which is their recently coined term for "a user interface that makes figuring out what you can do with a GUI program easier." So here you've created an event task in the Event Viewer; you'd think that you could modify or delete it in the Event Viewer. But no, instead Microsoft's got you going to the Task Scheduler to do that.
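The same lifecycle from the command line, as an added example that is not from the book: it creates an event task for the account-lockout case mentioned earlier, lists every event-triggered task that Task Scheduler holds (the inventory Event Viewer does not give you), then removes the demo task. The task name and script path are hypothetical; event ID 4740 in the Security log is the account-lockout event on Vista and later.

```powershell
# Added example (not from the book). Run from an elevated PowerShell prompt.
# Hypothetical names: the task name and the notify-lockout.cmd script path.
$taskName = 'Demo-LockoutAlert'
$query    = '*[System[(EventID=4740)]]'   # 4740: "A user account was locked out"

# 1. Create: command-line counterpart of "Attach Task To This Event..."
schtasks.exe /Create /TN $taskName /SC ONEVENT /EC Security /MO $query `
    /TR 'C:\Scripts\notify-lockout.cmd' /RU SYSTEM /F | Out-Null

# 2. Find: recurse through the Task Scheduler library and report every
#    task that has an event trigger, with its log, query and actions.
function Get-EventTriggeredTask {
    param($Folder)
    foreach ($task in $Folder.GetTasks(1)) {          # 1 = include hidden tasks
        $def = ([xml]$task.Xml).Task
        $actions = @($def.Actions.ChildNodes | ForEach-Object {
            if ($_.LocalName -eq 'Exec') { "Exec: $($_.Command) $($_.Arguments)" }
            else { $_.LocalName }                     # SendEmail, ShowMessage, ...
        }) -join '; '
        foreach ($trigger in @($def.Triggers.EventTrigger)) {
            if (-not $trigger.Subscription) { continue }
            # Subscription holds an escaped <QueryList> document
            $selects = ([xml]$trigger.Subscription).SelectNodes('//Select')
            foreach ($s in $selects) {
                New-Object PSObject -Property @{
                    Task    = $task.Path
                    Log     = $s.GetAttribute('Path')
                    Query   = $s.InnerText
                    Actions = $actions
                }
            }
        }
    }
    foreach ($sub in $Folder.GetFolders(0)) { Get-EventTriggeredTask $sub }
}

$scheduler = New-Object -ComObject Schedule.Service
$scheduler.Connect()
Get-EventTriggeredTask $scheduler.GetFolder('\') | Format-List Task, Log, Query, Actions

# 3. Inspect or delete: done against Task Scheduler, not Event Viewer
schtasks.exe /Query /TN $taskName /XML
schtasks.exe /Delete /TN $taskName /F
```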

Check out other excerpts from this chapter of Mark's book, Administering Windows Vista Security: The Big Surprises.

SearchWindowsSecurity.com also features excerpts from chapter eight, "Locking Up the Ports: Windows Firewall", of Mark Minasi's book, Mastering Windows Server 2003 Upgrade Edition for SP1 and R2.





