A. Solutions such as Microsoft Operations Manager (MOM) have highly configurable options for performing actions that depend on Windows events. However, Windows XP and later provide a tool, eventtriggers.exe, which lets you schedule an action to be performed when certain events occur. The basic command syntax for creating a trigger is
eventtriggers /create /tr " <friendly name for trigger>" /eid <event ID to trigger on> /l <log to monitor, or omit to track all logs> /t <type of event to monitor for, e.g., ERROR> /tk <task to perform when event is found> /ru <username to run the action under; by default, the local system is used> /rp <password of specified user account>To display a detailed list of the triggers you've created, run the command
eventtriggers /query /vYou can configure the query to create the output in a specific format. For example, to create a comma-separated value (CSV) format, add the argument
/fo csvto the end of the previous command (/fo means format). Other format options include table and list.
If you need to troubleshoot a trigger action, you can view the log file at \%systemroot%\system32\wbem\logs\cmdtriggerconsumer.log. However, the log doesn't give much information. Typically, the best way to debug a trigger action is to try to run the trigger action manually. Remember that specifying credentials (i.e., the /ru and /rp arguments) to use might fix the problem because by default the action will run under the local system context.
To remove all the triggers on your system, use this command:
eventtriggers /delete /tid *
