Solved

Create/Deploy a custom event + view on W7 clients

Posted on 2014-04-17
7
503 Views
Last Modified: 2014-04-29
On W7 clients, I need to create/deploy remotely a custom event to which  task is connected running as SYSTEM and with highest privileges. Additionally, I need to create remotely a custom view for this event. How can this be done via GP or script?

tia
0
Comment
Question by:GeologyETH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 40006365
Event for Eventvwr or do you mean a schedules Task?
0
 

Author Comment

by:GeologyETH
ID: 40006518
I need to apply on remote W7 clients a scheduled task which is triggered by a custom event and which starts a script/program if the event appears. Additionally, a custom view for the custom event is needed on the clients.
0
 
LVL 31

Expert Comment

by:merowinger
ID: 40006569
Do you have any possibility to deploy that command to your Clients?
Group Policy, SCCM Server, ect.
If not you can do it manually on each Client from your Remote AdminPC with PSEXEC
http://technet.microsoft.com/de-de/sysinternals/bb897553.aspx

The command to create the Task is:
schtasks /create /TN "My Trigger" /RU SYSTEM  /TR "SomeAction.exe"  /SC ONEVENT /MO *[System/EventID=666]

Open in new window


With Psexec it would be like:
psexec \\Client1 "cmd /c schtasks /create /TN "My Trigger" /RU SYSTEM  /TR "SomeAction.exe"  /SC ONEVENT /MO *[System/EventID=177]"

Open in new window

0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:GeologyETH
ID: 40006651
I tried the schtasks cmd, but it seems that the /MO paramter doesn't work.

error: the specified channel could not be found. Check channel configuration.
(11,150):Subscription:<QueryList><Query><Select Path='(null)')*[System/EventID=10]</Select></Query></QueryList>
0
 

Author Comment

by:GeologyETH
ID: 40006743
ok, it works as

schtasks /create /TN "My Trigger" /RU SYSTEM /TR "SomeAction.exe" /SC ONEVENT /EC Application /MO *[Application/EventID=10]

Now, is there a possibility to enable "Run with highest privileges"?

Yes, I would like using a Group Policy.
0
 
LVL 31

Accepted Solution

by:
merowinger earned 500 total points
ID: 40007101
Ok, i missed that Parameter.

SYSTEM (Local System) always has the highest privileges on a Client.

So you run it as a script, or how have you planned it?
0
 

Author Comment

by:GeologyETH
ID: 40029156
Sorry for the late reply. I think, I'll try to apply it by a script via GP. Custom views are stored in "C:\ProgramData\Microsoft\Event Viewer\Views\", so I'll create such a custom view for the custom events to and apply it by copying onto the clients.

Thank you for your help.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question