Book Excerpt:

How to generate actions from events in Microsoft Vista

14 Aug 2007 | Administering Windows Vista Security: The Big Surprises - An excerpt from Chapter 1, "Administering Vista Security: The Little Surprises."


Microsoft Windows XP and 2003 brought a really nice feature called "event triggers." The idea was that you could use a command-line tool called "eventtriggers.exe" to instruct the Event Log service that if a particular kind of event occurred then the Event Log service would start the application of your choosing. Not many people seemed to discover it, but I wrote about it in a few magazine articles and suggested that you could build a pretty neat system for alerting you to problems in the network. There were three ingredients:
  • You'd need a cell phone that could receive text messages via email. For example, my cell carrier is Verizon Wireless, and you can send an SMS text message to any Verizon cell phone by sending e-mail to cellphonenumber@vtext.com.
  • You need a program that can send simple emails from the command line. There's a free one called "blat" at http://www.blat.org.
  • You need XP or 2003, as they support event triggers.

I put this all together by suggesting that if there were particular events that you were concerned about—say, an account lockout happened—then you could use eventtriggers.exe to tell the Event Log service, "If an account lockout happens, run such-and-such blat command line to send me an alert on my phone as a text message." It worked pretty nicely but was, admittedly, cumbersome. So the new "Attach task to event…" option is a real blessing.

Warning!
Be sure to configure the SMTP server to accept e-mails from this server, or you'll never get an alert via e-mail. All well-configured SMTP servers nowadays have strict rules restricting SMTP relaying and would probably reject the e-mail that the Event Log service tried to send to the SMTP server. And setting up random extra SMTP servers without all of those strict rules is a really bad idea, as it's one way that spammers send all of that junk but don't get caught.

To see this in action, open up the Application log and look at the events in it. If this is your first look into Vista's Event Viewer, look in the folder "Windows Logs"—it's probably already open, if not then open it—and notice that these logs bear the familiar names of Application, Security and System, as well as two new ones named "Setup" and "ForwardedEvents." Click the Application folder in the left-hand pane and in the right-hand pane (I always close the Action pane because I think you'd need a computer with a screen that isn't just in "landscape" mode, you'd need one in "panoramic mode" in order to make use of MMC 3.0's three panes) you'll see the events in that log.

Right-click any one of them and you'll see in the resulting context menu that you've got a new option, "Attach Task To This Event…"; click that, and you'll see a wizard page like the one in Figure 1.14.

Why a wizard? Well, as it turns out, Vista's Event Viewer offers you several options on how to respond. (They even simplified setting up my suggestion about e-mailing admins when an event occurs, as you'll see.) Click Next to see a figure like Figure 1.15.

First, as with eventtriggers.exe, you can specify any given application. Or you can send an email, or display a message on the server's desktop. I'll consider all three options in a moment, but for now, I'll click the radio button next to "Send an email" and then Next to see something like Figure 1.16.

Figure 1.14: Starting the Create Basic Task Wizard

Figure 1.15: Event viewer offers three kinds of responses

Figure 1.16: Setting up an email notification

This page looks very much as you'd expect, allowing you to punch in a from address, to address, subject and text. It even lets you add an attachment, which is a nice touch, and specify the name of the SMTP server to use to send the e-mail.

If I click Next, I get a summary screen like the one in Figure 1.17.

This is a nice summary of what's going to happen once I click Finish, although truthfully it's not necessary. An administrator can always modify or delete an event task, as you'd expect. Ah, but where you modify or delete that event task, that'll surprise you. When I click Finish, I get the message box in Figure 1.18.

Figure 1.17: Summarizing the trigger

Figure 1.18: Changes? Off to the task scheduler

This seems like a bad idea to me. Vista's user interface does a fairly decent job of providing what Microsoft has come to like calling "discoverability," which is their recently coined term for "a user interface that makes figuring out what you can do with a GUI program easier." So here you've created an event task in the Event Viewer; you'd think that you could modify or delete it in the Event Viewer. But no, instead Microsoft's got you going to the Task Scheduler to do that.
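
Because the event task ends up in the Task Scheduler, it can also be created, inspected and removed from the command line with schtasks.exe. The batch file below is an added example, not taken from the book: it registers a task that fires on an account lockout and sends the alert with blat. The task name, blat path, addresses and SMTP host are placeholders, and event ID 4740 (the account-lockout event in Vista's Security log) is supplied here, not by the excerpt.

```batch
@echo off
rem Added example, not from the book. Placeholder values (assumptions):
rem task name, blat location, mail addresses and SMTP host.
setlocal
set "TASKNAME=Alert-AccountLockout"
set "BLAT=C:\Tools\blat.exe"
set "SMTP=smtp.example.com"
set "FROM=eventlog@example.com"
set "TO=cellphonenumber@vtext.com"

if /i "%~1"=="install" goto install
if /i "%~1"=="send"    goto send
if /i "%~1"=="remove"  goto remove
echo Usage: %~nx0 install ^| send ^| remove
exit /b 1

:install
rem /SC ONEVENT subscribes the task to an event log channel (/EC);
rem /MO is the XPath filter. 4740 = account lockout on Vista and later.
rem /TR points back at this file so the mail settings live in one place.
schtasks /Create /TN "%TASKNAME%" /SC ONEVENT /EC Security ^
  /MO "*[System[(EventID=4740)]]" /TR "\"%~f0\" send" /RU SYSTEM /F
if errorlevel 1 exit /b 1
rem Show what was registered: the same task the Event Viewer wizard
rem would have handed off to the Task Scheduler.
schtasks /Query /TN "%TASKNAME%" /V /FO LIST
exit /b 0

:send
rem "-" in place of a file name plus -body sends a one-line message.
rem The SMTP server must accept mail from this host (see the warning).
"%BLAT%" - -body "Account lockout logged on %COMPUTERNAME%" ^
  -to %TO% -f %FROM% -subject "Account lockout" -server %SMTP%
exit /b %errorlevel%

:remove
rem Deleting the task is also a Task Scheduler operation.
schtasks /Delete /TN "%TASKNAME%" /F
exit /b %errorlevel%
```

Run it from an elevated prompt with the `install` argument. Keep the file in a directory that only administrators can write to, since the task runs it as SYSTEM.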

Check out other excerpts from this chapter of Mark's book, Administering Windows Vista Security: The Big Surprises.

SearchWindowsSecurity.com also features excerpts from chapter eight, "Locking Up the Ports: Windows Firewall", of Mark Minasi's book, Mastering Windows Server 2003 Upgrade Edition for SP1 and R2.


