Windows Server 2008 System Trigger

  
        

The event log function of the Windows Server 2008 system records the important things that happen in the server system, such as network access, system logins, program execution, and resource invocation. Each recorded event mainly includes the event description, the event source, and the event type. By carefully analyzing these events, the network administrator can not only understand the running status of the server system, but also deal promptly with threats hidden in the system and so keep the server operating securely. However, the network administrator has to check the event log actively every time to learn what is happening in the server system. If something important happens in the server system, can Windows Server 2008 automatically pop up a reminder to alert the network administrator? The answer is yes! We can use the trigger function of the Windows Server 2008 system to have the server remind the network administrator of important events automatically, without having to view the system log files manually each time.

Create a new trigger task

A trigger task in the Windows Server 2008 system is created on the basis of a specific event. We first need to let the system record a fault and generate an event. Then, through the system's new attach-task function, we attach the specified trigger task to the target event. When the same event occurs again in the future, the specified trigger task runs automatically and notifies the network administrator of the important thing that is happening in the server system.

By default, Windows Server 2008 does not automatically record a given fault. We must first audit that specific fault so that the Event Viewer of the Windows Server 2008 system can track it. For example, to have the Event Viewer automatically record that a user account was maliciously deleted, click the "Start"/"Settings"/"Control Panel" command. In the system Control Panel window that opens, double-click the "Administrative Tools" icon, and then double-click the "Local Security Policy" option in the list of management tools to open the local security policy list window.

In the display area on the left side of the list window, expand "Security Policy" and then click the "Audit Policy" branch. Double-click the "Audit Account Management" option under the "Audit Policy" branch to open the settings dialog box shown in Figure 1. Select the "Local Security Settings" tab, select both the "Success" and "Failure" options on that tab page, and then click the "OK" button. From then on, Windows Server 2008 automatically tracks and logs events in which user accounts are added or deleted.

Once auditing is enabled for the specified operation, the Windows Server 2008 system automatically records the related events in the corresponding log file. For example, when a user account is secretly deleted in the future, the corresponding record automatically appears in the log file of the Windows Server 2008 system. To view this record, first open the "Start" menu of the Windows Server 2008 system, then click "Settings", "Control Panel", "System and Maintenance", and "Administrative Tools". Click the "Event Viewer" icon in the management tool list window that opens to open the Event Viewer console window. In the display area on the left side of the window, expand the "Windows Log" node; we will see the different event categories, such as "System", "Security", "Applications", "Forwarding Events", and "Installers". Double-click a specific event record under a category to open the detailed information interface of that record. Here we can see the source of the event, the event ID, and other descriptive information.

However, viewing the event log manually is often cumbersome, and it makes it difficult for network administrators to learn right away which important events have occurred in the server system. To address this, we can attach a trigger task to a specific event. When the same event record is generated again in the future, the trigger of the Windows Server 2008 system automatically runs the specified scheduled task, and through this task the content of the current event is automatically reported to the network administrator. After receiving the notification, the network administrator can take timely measures to deal with the security risks in the server system.

To create a new trigger task, first find the specific event record in the Event Viewer window, such as the record of a user account being deleted, and then right-click that record. From the shortcut menu that pops up, click the "Add task to this event" command to open the Trigger Task Creation Wizard dialog box. Follow the wizard prompts to set the name of the new task, and then select a suitable trigger method. The Windows Server 2008 trigger provides three trigger modes: display a message, send an email, or start an application. Select one of these modes, set the specific trigger content, and finally click the "Complete" button to finish creating the new trigger task.
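The same audit-then-attach procedure can be scripted with the built-in auditpol.exe, schtasks.exe and wevtutil.exe tools. The following is an added example, not part of the original article. It assumes an elevated PowerShell prompt on an English-language system, and uses Security event ID 4726 ("A user account was deleted"); the task name and message text are hypothetical, and msg.exe stands in for the wizard's "display a message" mode.

```powershell
# Added example: audit account management, then attach a task to the
# "user account deleted" event. Run from an elevated PowerShell prompt.
$EventId  = 4726                       # Security log: "A user account was deleted"
$TaskName = 'Notify-AccountDeleted'    # hypothetical task name
$Message  = 'A user account was deleted on this server. Check the Security log.'

# 1. Enable Success and Failure auditing for account management
#    (command-line counterpart of the "Audit Account Management" policy).
#    Category names are localized; this assumes an English-language system.
auditpol.exe /set /category:"Account Management" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw 'auditpol failed; is this prompt elevated?' }

# 2. Show the resulting audit settings so the change can be confirmed.
auditpol.exe /get /category:"Account Management"

# 3. Build the XPath filter that selects the target event in the Security log.
$Query = "*[System[(EventID=$EventId)]]"

# 4. Create a task that fires whenever a matching event is written.
#    /SC ONEVENT = event trigger, /EC = event channel, /MO = XPath filter,
#    /TR = action to run, /F = overwrite an existing task of the same name.
schtasks.exe /Create /TN $TaskName /SC ONEVENT /EC Security /MO $Query `
             /TR "msg.exe * $Message" /F
if ($LASTEXITCODE -ne 0) { throw 'schtasks failed to create the task' }

# 5. Review what was registered: trigger, action and run-as account.
schtasks.exe /Query /TN $TaskName /V /FO LIST

# 6. List the three most recent matching events, newest first. No output
#    means no account deletion has been logged since auditing was enabled.
wevtutil.exe qe Security /q:$Query /c:3 /rd:true /f:text
```

The task created this way runs under the account that created it and only while that account is logged on, which is what lets msg.exe reach a desktop session.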

Manage existing trigger tasks

Trigger tasks that have been created successfully appear automatically in the task plan list of the Windows Server 2008 system. In the task plan list window we can manage and configure the existing trigger tasks as we like. To manage an existing trigger task, follow the steps below:

First, log in to the Windows Server 2008 system with system administrator privileges and click the "Start"/"Program"/"Attachments"/"System Tools"/"Task Scheduler" command to open the task plan list window of the system;

Second, in the display area on the left side of the list window, use the mouse to expand the "Task Scheduler Library" node. You will see all the triggered tasks that have been successfully created in the Windows Server 2008 system.

Here we can modify the parameters of each trigger task. For example, to change the trigger mode of a scheduled task, right-click the specific trigger task and, in the right-click menu shown in Figure 2, execute the "Properties" command to open the property settings window of the target trigger task.

In the "General" tab of the settings window, we can specify the running options of the target trigger task, such as whether to run it only when the user is logged in to the system, or to run it whether the user is logged in or not. For some special trigger tasks, we sometimes need to select the "Run with the highest privilege" option here to ensure that the actions specified in the target trigger task execute successfully in the Windows Server 2008 system.

In the "Trigger" tab page, we can create a new trigger task by clicking the "New" button. By clicking the "Edit" button, we can apply some advanced settings to the currently selected trigger, such as the delay time, the repeat interval, and the expiration date of the target trigger task. Click the "Delete" button to remove unwanted trigger tasks from the Windows Server 2008 system.
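The properties described above (run level, run-as account, event trigger, action) can also be read from the command line when reviewing which tasks are attached to events and with what privileges they run. The following is an added example, not part of the original article. It assumes PowerShell 2.0 or later; the function name and the default task name are hypothetical.

```powershell
# Added example: summarize the security-relevant settings of one event-triggered
# task by parsing the XML definition that schtasks.exe prints.
function Get-EventTaskSummary {
    param([string]$TaskName = 'Notify-AccountDeleted')   # hypothetical task name

    # /XML prints the task definition (triggers, principal, actions) as XML.
    $raw = schtasks.exe /Query /TN $TaskName /XML
    if ($LASTEXITCODE -ne 0) { throw "Task '$TaskName' could not be queried" }
    $task = ([xml]($raw -join "`n")).Task

    # Event triggers carry the event query in <Subscription>; a task with
    # time-based triggers only yields an empty list here.
    $subscriptions = @($task.Triggers.EventTrigger | Where-Object { $_ } |
                       ForEach-Object { $_.Subscription })

    # Each child of <Actions> is one action: Exec (start a program),
    # SendEmail or ShowMessage. For Exec, include the command line.
    $actions = @($task.Actions.ChildNodes | ForEach-Object {
        if ($_.LocalName -eq 'Exec') { "Exec: $($_.Command) $($_.Arguments)" }
        else { $_.LocalName }
    })

    # <RunLevel> is omitted from the XML when the task runs with least privilege.
    $principal = $task.Principals.Principal
    $runLevel  = $principal.RunLevel
    if (-not $runLevel) { $runLevel = 'LeastPrivilege' }

    New-Object PSObject -Property @{
        TaskName      = $TaskName
        RunAs         = $principal.UserId
        RunLevel      = $runLevel      # 'HighestAvailable' = "Run with the highest privilege"
        EventQueries  = $subscriptions
        Actions       = $actions
        HasEventTrigger = ($subscriptions.Count -gt 0)
    }
}

# Print the summary for the default (hypothetical) task as a list.
Get-EventTaskSummary | Format-List
```

A task that reports `HighestAvailable` together with an `Exec` action deserves a check that the program it starts is one only administrators can modify.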
