How to Use Create Response Wizard to Add a Batch File to Run on Managed Computer As Response to Custom Alert Generating Rule
In SCE 2007 SP1, I created a custom alert generating rule for a certain event ID in one of the Windows event logs. The alert works fine, but I want to add to the alert response an additional response to run a batch command file on the managed computer that triggered that occurrence of the alert. I cannot seem to get to work -- but I get no errors either. In in the Custom Rule's Configuration tab, I added a response of type "Script" and I typed in my batch file. I did not use any parameters for the response script. The batch file runs a couple of Windows command line commands (tasklist.exe and netstat.exe) and outputs the command results to a text log file. I do not get the batch file's output log file created on my managed computer when I trigger the rule. I know the rule works because it send me alert emails when it triggers. I also know the batch file works fine running independently on the managed computer. What do I need to do to make this all work together? Thanks, Jmcnemar J McNemar
February 17th, 2012 1:57pm

Hello JM, Firstly, I have some important questions: What is the type of the rule you have created to run the batch command file? --I cannot find a Script Page in an Alert Generating Rule wizard. How did you write the script? --SCE 2007 accepts two types of scripts: Vb Script and J Script. Make sure you wrote a proper script. You cannot just input the batch command file name. For more details: Script Page Thanks,Yog Li TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
February 20th, 2012 4:43am

Good morning, Yog. To answer your questions: 1. You are not presented with the opportunity to add a script or command during the initial custom rule creation. it is after you create the rule, you can access its properties in the Authoring pane and edit/add Responses in the rule's Configuration tab. When you click the Add button, you are presented with the choice of command or script and then sent to a page to either enter the command line or the script, depending on the choice you made. 2. You may be technically correct about 'cannot just input the batch command file name' as a script, but in fact you can use a batch command file in the rule, as I will explain what I discovered while waiting for help... With the caveat of having to add the batch command file locally on the managed computer, I was able to get my custom alert producing rule to also run the batch command file when triggered. I added a Response to run a command to the Alert response already created when I created the Rule. For the Command line, I typed the 'Full path to file' of my batch command file (i.e. - %windir%\testit.bat) that I had previously added to the manager computer. When I triggered the Alert rule, the batch command ran just fine on the managed computer. So I have this working now. But, I sure would like to be able to do this without having to first add the batch command file to ALL of the managed computers I want to have this Rule work on. My question is now how can I do this? Thanks, J McNemar J McNemar
February 21st, 2012 7:53am

Thanks, Yog. that got me a little farther. Now I am have permissions issues getting my batch file to run. I believe the default Run As Profile for the Rule Response that calls my batch file on the network share is the Local System account. When I trigger my alert using the Default Run As Profile, the Operations Manager event log on the target client records this error: Event Type: Error Event Source: Health Service Modules Event Category: None Event ID: 21400 Date: 2/23/2012 Time: 12:42:18 PM User: N/A Computer: MyTarget Description: Failed to create process due to error '0x80070005 : Access is denied. ', this workflow will be unloaded. If I change the Run As Profile for the Rule Response that calls my batch file on the network share to be the Domain Admin account, everything works perfectly. I really do not want to have to use the Domain Admin account. I tried using the Network Service account, but still got the same Operations Manager event log error. What do you suggest? Thanks, J McnemarJ McNemar
Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2012 2:56pm

Hello J McNemar, I'm afraid you cannot use the Local System or Network Service account to run a command on the managed computers. As you have found, the Run as Accounts must have local administrator permission, and our suggestion is to use a domain admin account. Thanks,Yog Li TechNet Community Support
February 28th, 2012 3:14am

Hello J, Thanks for sharing the experience wit us. It will be very useful for other community members facing similar scenarios.Yog Li TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
March 5th, 2012 11:07pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics