Explain the use of Windows 2008 trigger features

  
                

As a network administrator, the daily job is to check the system log file to view the important things happening in the server system. Only the network administrator can view the event log to learn the specific situation. If there is any situation in the system, the network management How to master it in the first place? At this time, we can skillfully use the trigger function under windows2008 to solve this problem. Let's take a look at the use of this trigger function.

First, create a new trigger task

Windows Server 2008 system trigger task is created based on specific events, we first need to let the system record a fault phenomenon and generate an event Then, through the newly added additional task function of the system, the specified trigger task is attached to the target event, and when the same event occurs in the future, the specified trigger task can be automatically run to notify the network administrator that the current server system occurs. What are the important things.

By default, Windows Server 2008 does not automatically record a fault phenomenon. We must audit the specific fault phenomenon, so that the event viewer of Windows Server 2008 system can be specific. The fault phenomenon is tracked. For example, if the event viewer of the Windows Server 2008 system automatically remembers that the user account was maliciously deleted, we should click the "Start”/“Set”/“Control Panel” command in In the pop-up system control panel window, double-click the “Administrative Tools” icon, and then double-click the “Local Security Policy” option in the list of management tools to open the local security policy list window;

in the list window On the left side of the display area, expand the "Security Policy" and then click the "Audit Policy" branch option. Double-click the "Audit Account Management" option under the "Audit Policy" branch to open the option settings dialog box and select &ldquo The "Local Security Settings" tab, select the "Success" <;Failure” option in the corresponding tab page, and then click the "OK" button, so that the Windows Server 2008 system will automatically track and Record the addition or deletion of user account events.

Once the auditing function is enabled for the specified operation, the Windows Server 2008 system automatically records the relevant operation events in the corresponding log file. For example, only when a user account is secretly deleted in the future, Windows The corresponding log file will appear automatically in the log file of the Server 2008 system. When viewing this specific record content, we can first open the "Start" menu of the Windows Server 2008 system, and then click "Settings", "Control Panel", "Control Panel", "System and Maintenance", “Administrative Tools”Options, click the “Event Viewer'; icon in the pop-up management tool list window to open the Event Viewer console window, and display the area on the left side of the window to expand “Windows Log” Node options, we will see the contents of different categories of events such as "System", "Security", "Applications", "Forwarding Events", "Installers", etc. Double-click the specific event record under the

category to open the detailed information interface of the corresponding event record. Here we can learn the source of the specified event, event ID and other description information.

However, it is often cumbersome to use manual methods to view event log content, and it is difficult for network administrators to know what important events have occurred in the server system in the first place. To do this, we can attach a trigger task to a specific event. When the same event record is generated again in the future, the trigger of the Windows Server 2008 system will automatically work to execute the specified task plan, and plan us through this task. The content of the current event can be automatically notified to the network administrator. After the network administrator receives the notification information, it can take timely measures to solve the security risks in the server system.

When creating a new trigger task, we first need to find a specific event record from the event viewer window, such as the event record of the user account deleted, and then right-click the record option. From the shortcut menu that pops up, click the “Add task to this event” command to open the Trigger Task Creation Wizard dialog box, follow the wizard prompts to set the name information of the new task, and then select a suitable trigger method, Windows Server 2008. The trigger of the system provides three trigger modes for the user, which are to display the message, send the email, start the application, select a certain trigger mode, then set the specific trigger content, and finally click “Complete&rdquo The button ends the creation of a new triggered task.

Second, management has triggered tasks

Each successful trigger task will automatically appear in the task plan list of Windows Server 2008 system, enter the task plan list window, we can There are trigger tasks to manage and set up as you like. When managing an existing trigger task, we can follow the steps below:

First log in to the Windows Server 2008 system with system administrator privileges, click “start”/&ldquo ; Programs & rdquo; /& ldquo; Attachments & rdquo; /& ldquo; System Tools & rdquo; /& ldquo; Task Scheduler & rdquo; command, open the corresponding system's task plan list window;

Secondly on the left side of the list window Display area, use the mouse to expand the "Task Scheduler Library" //////" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " You will see all the triggered tasks that have been successfully created in the Windows Server 2008 system. Previous12Next page Total 2 pages

Copyright © Windows knowledge All Rights Reserved