Adding Actions to Events in the Windows Event Viewer
I've written about hundreds of Windows 7 troubleshooting tips in my book Troubleshooting Windows 7 Inside Out but one of the most useful tips, at least for business customers, is how you can add actions to events in Windows.
Why would you want to do this? You can commonly find that drivers, services or software in Windows can crash without you even being aware of it. The only time you find out is later on when you want to perform an action such as print a document, attach to a corporate network or run a piece of bespoke software. These events can very often be triggered by something the user is doing at the time, perhaps running another piece of software or performing a specific action.
This is where attaching an action to an event becomes useful. In the Event Viewer in Windows you can launch a program, send an email (if the user has a desktop email client installed) or alert the user to the fact that something has occurred.
It's very easy to do this too. Once you're in the Event Viewer (either through the Computer Management console, the Control Panel or by typing Event into the Start Menu search box) keep double-clicking on the event type and the error itself until you get to the screen you see here.
In the right-hand panel (highlighted) is an option to attach a task to the event. It's here that we'll find all of our options. Clicking it will pop up a window in which we can define the task. We can specify whether we want to run a program (more on this in a bit), send an email (for which we'll need email software installed on the PC) or display a pop-up alert.
When you're finished you will see an option to display further properties for this task. You can tick this box for even more control and options.
It's here that we can specify additional tasks to run and in what order we want things to happen.
I talked a little while ago about running a program. There are a couple of very useful Command Line and PowerShell utilities that can come in very handy here. I won't go into detail on them in this article but they are both well documented on the Microsoft website.
You can run the program CMD.EXE with either the /c switch to carry out a command string and then stop, or the /k switch to continue afterwards (see here for more details on command line switches). It's here you can use the WEVTUTIL command to automatically poll the event viewer for data and perform an action such as saving it to the user's desktop. This can then immediately be sent to a support person for review. You can get full information on WEVTUTIL here.
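The WEVTUTIL export described above, written as a PowerShell script that an attached task can run. This is an added example, not code from the original article; the script name, the System log and the 60-minute window are assumptions.

```powershell
# Added example, not from the original article.
# Collect-EventLog.ps1 (hypothetical name): action script for a task attached to an event.
# It runs as the account the task is configured with, so "Desktop" is that account's desktop.
param(
    [string]$Channel = 'System',      # assumed log; use the log the trigger event lives in
    [int]$LookbackMinutes = 60        # assumed window of history to capture
)
$ErrorActionPreference = 'Stop'

$desktop = [Environment]::GetFolderPath('Desktop')
if (-not $desktop) { throw 'No desktop folder for this account; run the task as the logged-on user.' }

# Channel names can contain "/" (e.g. .../Operational), which is not valid in a file name.
$safeName = $Channel -replace '[\\/:*?"<>|]', '_'
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$evtxPath = Join-Path $desktop "$safeName-$stamp.evtx"
$textPath = Join-Path $desktop "$safeName-$stamp.txt"

# XPath filter: Critical (1), Error (2) and Warning (3) events inside the window.
# timediff() is measured in milliseconds.
$ms    = $LookbackMinutes * 60 * 1000
$query = "*[System[(Level=1 or Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) <= $ms]]]"

# epl = export-log: full-fidelity .evtx that support can open in Event Viewer.
& wevtutil.exe epl $Channel $evtxPath "/q:$query" /ow:true
if ($LASTEXITCODE -ne 0) { throw "wevtutil epl failed with exit code $LASTEXITCODE" }

# qe = query-events: newest 50 matches as plain text for a quick read.
& wevtutil.exe qe $Channel "/q:$query" /f:text /rd:true /c:50 |
    Out-File -FilePath $textPath -Encoding UTF8
if ($LASTEXITCODE -ne 0) { throw "wevtutil qe failed with exit code $LASTEXITCODE" }

Write-Output "Saved $evtxPath and $textPath"
```

In the task's "run a program" action, set the program to POWERSHELL.EXE and pass the script with -NoProfile -File followed by its path. Because the task launches the script automatically, keep it in a folder that only administrators can write to.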
You can also run POWERSHELL.EXE or invoke the PowerShell command from the Command Line to automatically generate a System Health Report. The command you would use here is Get-RmsSystemHealthReport -Path <drive>:\Report [-StartTime <start_time>] [-EndTime <end_time>] -ReportType <report_type>. Full details of this command can be found here.
Any tasks you add can be viewed and edited in the Windows Task Scheduler and all in all, being able to add actions to events can be a real time-saver when it comes to diagnosing problems in Windows... especially those annoying intermittent ones.