Pages

Tuesday, January 24, 2012

Attaching an Alert Task to a Windows Error

The Windows Event Viewer in one of the most useful, yet most under used features of the operating system.  Accessed by typing event into the Start Menu search box, or through the Computer Management Console it logs everything that happens in the OS, including warnings, errors and critical failures (sudden power losses or immediate restarts excepted).  When you have an error Windows will usually alert you by displaying a message on the screen, or by displaying the dreaded Blue Screen of Death.  Sometimes though a device driver, software package or Windows component will fail silently in the background, and you won’t be aware of the failure until you come to use it.

A couple of examples of this are a printer driver that fails silently, and you won’t notice until the next time you go to print something, or a networking component fails taking down a Homegroup or Internet Access.  Fortunately Windows does include a handy wizard utility to alert you when something happens silently in the background, and you access it in the Event Viewer.

The first step is to find the original error.  This isn’t actually as difficult as it sounds as events are all clearly labelled with plain English explanations.  The details will include the name of the driver, application or service which has stopped working and it’s normally not too difficult to find what you’re looking for as you can further drill down by the appropriate date and time.  There will never be too many errors and warnings on your system which again makes it easier to find the specific error event you are looking for.

Once you have found the appropriate error, double click to open it and all instances of the error will be shown.  Here is where we we attach a task to this event to let us know when it occurs next.  Why might we want to do this?  It could be that the error is caused by a conflict with another piece of software or hardware, or that some other force external to the failed component is causing the problem.  Attaching a task and alerting the user to the error can help you to diagnose the problem because, especially if it’s happening regularly you ought to be able to see a pattern.

In the right hand panel of the Event Viewer for a specific event you will see the option to Attach [a] Task to This Event and this is what you should click.  There are several things you can do, for instance run a program.  You could have a PowerShell or other script to report on the error.  Windows contains the command line WEVTUTIL which can be used to export the details of events from the Event Viewer as a text file, and you can read more about how you can use this command here.

You can also send an email, but note that this will only work if you have an email client such as Microsoft Outlook installed and configured.  What we want to do though is alert the user with a message.

The wizard really coiuldn’t be simpler and will allow you to set the title and content of a dialog message box.  For instance you might set the title as “Component Failure Alert!” and the message as “Please stop what you’re doing and phone IT, a component has failed and we need to know exactly what was happening and what you were doing on your computer the instant this message appeared.”

In short, attaching tasks to the event viewer can be incredibly useful, especially if you use Command or PowerShell scripts to automatically report on the problem, and the email system to then send the file on to someone.  It a great way for an IT department to be able to detect, diagnose and find a solution to the problem without the end user having to be too involved in the process, and given that tasks can be exported and installed on multiple machines quite simply this is a Windows feature that I’m surprised isn’t used much more often.



0 comments:

Post a Comment