创建使用特定事件日志条目作为触发器的计划任务

时间:2017-03-15 05:29:28

标签: powershell

我正在尝试使用PowerShell创建一个使用Windows事件日志作为触发器的计划任务。将事件放入事件日志时,此任务将启动。我要监控的事件是事件ID 8001,下面是截图。

我在我的脚本中使用.Net方法,因为我无法在本机上找到使用PowerShell执行此操作的方法。 https://msdn.microsoft.com/en-us/library/windows/desktop/aa382577%28v=vs.85%29.aspx

此屏幕截图是示例计划任务的快照,该任务针对我要监视的同一事件。

Scheduled Task

到目前为止,这是我的尝试。

$taskName = "MyRepetitiveTask"

$Service = new-object -ComObject ("Schedule.Service")
$Service.Connect()
$RootFolder = $Service.GetFolder("\")
$TaskDefinition = $Service.NewTask(0)
$TaskDefinition.RegistrationInfo.Description = ''
$TaskDefinition.Settings.Enabled = $true
$TaskDefinition.Settings.AllowDemandStart = $true
$Triggers = $TaskDefinition.Triggers
$Trigger = $Triggers.Create(0) ## 0 is an event trigger
$Trigger.Enabled = $true
$TaskEndTime = [datetime]::Now.AddMinutes(30);$Trigger.EndBoundary = $TaskEndTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
$Trigger.Id = '8001'
$Action = $TaskDefinition.Actions.Create(0)
$Action.Path = 'PowerShell.exe'
$action.Arguments = "$dropboxPath\request\Scripts\Hire\NetworkConnections\StartLTE-WiFi.ps1"
$RootFolder.RegisterTaskDefinition($taskName, $TaskDefinition, 6, "System", $null, 5) | Out-Null

2 个答案:

答案 0 :(得分:1)

好的,做了一些其他小修改,但修复此问题的主要修改是添加订阅行(第5行最后一行)。 

### Variables
$dropboxDBfile = Get-ChildItem -Path $env:USERPROFILE\AppData\Local -Recurse -ErrorAction SilentlyContinue | ? {$_.Name -eq 'host.db'}
$base64path = gc $dropboxDBfile.FullName | select -index 1
$dropboxPath = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($base64path)) # convert from base64 to ascii

$taskName = "Keep_WiFi_Connected"
$Path = 'PowerShell.exe'
$Arguments = "$dropboxPath\request\Scripts\Hire\NetworkConnections\StartLTE-WiFi.ps1"

$Service = new-object -ComObject ("Schedule.Service")
$Service.Connect()
$RootFolder = $Service.GetFolder("\")
$TaskDefinition = $Service.NewTask(0) # TaskDefinition object https://msdn.microsoft.com/en-us/library/windows/desktop/aa382542(v=vs.85).aspx
$TaskDefinition.RegistrationInfo.Description = ''
$TaskDefinition.Settings.Enabled = $True
$TaskDefinition.Settings.AllowDemandStart = $True
$TaskDefinition.Settings.DisallowStartIfOnBatteries = $False
$Triggers = $TaskDefinition.Triggers
$Trigger = $Triggers.Create(0) ## 0 is an event trigger https://msdn.microsoft.com/en-us/library/windows/desktop/aa383898(v=vs.85).aspx
$Trigger.Enabled = $true
$TaskEndTime = [datetime]::Now.AddMinutes(30);$Trigger.EndBoundary = $TaskEndTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
$Trigger.Id = '8003' # 8003 is for disconnections and 8001 is for connections
$Trigger.Subscription = "<QueryList><Query Id='0' Path='Microsoft-Windows-WLAN-AutoConfig/Operational'><Select Path='Microsoft-Windows-WLAN-AutoConfig/Operational'>*[System[Provider[@Name='Microsoft-Windows-WLAN-AutoConfig'] and EventID=8003]]</Select></Query></QueryList>"
$Action = $TaskDefinition.Actions.Create(0)
$Action.Path = $Path
$action.Arguments = $Arguments
$RootFolder.RegisterTaskDefinition($taskName, $TaskDefinition, 6, "System", $null, 5) | Out-Null

完美运行 - 在运行此PowerShell脚本时,请记得以管理员身份运行

答案 1 :(得分:1)

我做了一些谷歌搜索,发现了一种很好的方法:

$Action = New-ScheduledTaskAction  -Execute 'Powershell.exe' -Argument "-ExecutionPolicy RemoteSigned -Command $Command"

$CIMTriggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler:MSFT_TaskEventTrigger
$Trigger = New-CimInstance -CimClass $CIMTriggerClass -ClientOnly
$Trigger.Subscription = 
@"
<QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Microsoft-Windows-Eventlog'] and EventID=6005]]</Select></Query></QueryList>
"@
$Trigger.Enabled = $True 

Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "  Startup"  -Description 'test' -User 'System' -Force
相关问题
最新问题