For media and analyst queries, please contact:
Harmala Singh-Francois, Phone: (443) 539-3773, hfrancois@prismmicrosys.com
EventSource April 2007 – Data Security and Compliance Regulations
Featured Article
Explore the Vista Task Scheduler
Microsoft has made some considerable changes to event management in Windows Vista. One related change is the way the Vista Task Scheduler has been enhanced. These enhancements allow you to link events to automated tasks. This article is the third in a series that demystifies the Vista Event Log.
By Danielle Ruest and Nelson Ruest
Event management includes close ties to system automation because you often need to generate automatic actions when specific events occur. For example, one of the most common tasks that is related to events is the automatic deletion of temporary files when disk drives get too full. Or in another scenario, you may require an automatic notification when unauthorized users try to log on to workstations that contain access to highly sensitive or confidential information.
In order to automate either notifications or tasks, you need to rely on the Task Scheduler. In Vista, the Task Scheduler has become much more of a real job scheduler. Like the Event Viewer and the Event Log system, the Task Scheduler has been completely rewritten and now offers several enhancements over the Task Scheduler found in previous versions of Windows. For one thing, the Task Scheduler now maintains a complete library of all scheduled tasks, all categorized according to source. In addition, like the Event Viewer, the Task Scheduler profits from a new interface based on the Microsoft Management Console (MMC) version 3.0 (see Figure 1).

Figure 1. The New Task Scheduler Interface
As with all MMC version 3 interfaces, this one sports three panes. Moving from left to right, the first is the tree pane, the second is the details pane and the third is the action pane. As you can see, the main Task Scheduler details pane displays task summaries and active tasks, giving you ready access to any task information.
Tasks in Vista are based on two main components:
So far, this isn’t very different from the task automation features found in other versions of Windows, but Vista’s Task Scheduler is a far cry from the Windows NT AT command. Previous versions of Windows had serious drawbacks when it came to system automation. Credentials for a task were stored with the task, so any credential changes had to be updated in the task’s properties. In addition, only a single action could be performed per task, limiting the usefulness of the Scheduler. And, in some cases, the Task Scheduler was restricted to administrators only, once again reducing the usefulness of this tool.
In Vista, all of these situations have been corrected. Vista now includes a whole series of new triggers: events; machine status such as idle, startup, logon and so on; session state changes such as the opening or closing of Terminal Services sessions, or the locking or unlocking of sessions; and the more conventional time-based task startups. Tasks can even use other tasks as triggers, letting you create new, conditional or chained tasks. Once a task has been initiated, you can have it repeat regularly or, in other situations, add delays or other limits to it (see Figure 2). In addition, tasks can run on universal time so that global organizations can create tasks in one time zone and ensure they run properly in any time zone.

Figure 2. Task Triggers
Each task can include more than one trigger ensuring the task will run if any of the launch elements occurs. Along with triggers, tasks will include conditions (see Figure 3) which determine how the task will behave. Conditions control if the task should run while the system is idle, if the task should run while the system is on battery power, if the system should be booted up to run the task should it be turned off, or even if the system should be linked to a network for the task to run.

Figure 3. Task Conditions
Settings control whether the task can be run manually, what should happen if the system was turned off when the task start time occurred, what to do if the task does not complete or fails or even runs too long. Settings can also apply rules to a task. These rules can include what to do if the start time occurs and an instance of the task is already running, or even delete the task once it has run (see Figure 4).

Figure 4. Task Settings
Actions can be any number of items including running a program, sending an email or simply displaying a message. This makes the Task Scheduler very powerful indeed since you could automatically display a warning message to users whenever they try to access protected areas of their system. This makes a strong case for running locked down systems and the Task Scheduler gives you the tools you need to make sure the systems stay locked down and users curb their habits.
Of course, actions can also be more traditional and actually run programs. This is, after all, what the Task Scheduler was originally designed to do. Sending messages is also quite useful, since administrators can receive notifications when tasks occur. For example, if you want to make sure that a critical task was performed on a system, create a conditional task that sends an email once the other task completes. This saves you from having to verify task logs after the task was scheduled to run.
Vista will even hide tasks and otherwise control which credentials should be used when a task is run. In most cases, credentials are not stored in the task so you can change account passwords centrally without having to worry about all tasks failing. In some scenarios, though, credentials are stored in the secure Credential Manager store. In these cases, you still need to modify passwords locally but not in the task.
You can also use the Task Scheduler to create tasks for either Vista systems or for down-level versions of Windows. Tasks can be exported in XML format and re-imported to any other system. This makes it very easy to generate tasks on one system and ensure they run on all the systems in organizations of all sizes.
Finally, each task includes a history of operation, listing all of the events which indicate when the task was run and for how long. This makes it very easy to monitor tasks and make sure they run when expected.
Tasks can be created in one of three ways. The first lets you create a basic task and runs you through a wizard that takes you through each step required to build the task. Advanced tasks are created using the Create Task command, which can be found either in the context menu or in the action pane. Create Task opens the Task dialog box and gives you access to each of the elements that make up a task. Finally, you can create and manage tasks from the command line with an updated schtasks.exe command (see Figure 5). This command lets you script operations such as importing tasks on different systems.

Figure 5. The schtasks.exe Command
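Because tasks travel between systems as XML and imports can be scripted, a definition can be reviewed before it is distributed. The following is an added example, not code from the article or from Microsoft: it parses a constructed, trimmed task definition and reports the triggers, actions, stored-credential logon type and hidden setting discussed above. The account name, script path and the `audit_task` helper are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of Task Scheduler 2.0 task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed, trimmed sample export (hypothetical account and script path).
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <EventTrigger><Enabled>true</Enabled></EventTrigger>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>EXAMPLE\svc-cleanup</UserId>
      <LogonType>Password</LogonType>
    </Principal>
  </Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Scripts\cleanup.cmd</Command></Exec>
  </Actions>
</Task>"""

def audit_task(xml_text):
    """Summarise one task definition and list settings worth reviewing."""
    root = ET.fromstring(xml_text)
    def text(path):
        return (root.findtext(path, "", NS) or "").strip()
    def local(el):
        return el.tag.split("}", 1)[-1]  # strip the "{namespace}" prefix
    summary = {
        "triggers": [local(t) for t in root.findall("t:Triggers/*", NS)],
        "actions": [(local(a), (a.findtext("t:Command", "", NS) or "").strip())
                    for a in root.findall("t:Actions/*", NS)],
        "user": text("t:Principals/t:Principal/t:UserId"),
        "logon_type": text("t:Principals/t:Principal/t:LogonType"),
    }
    findings = []
    # A password-based logon type means a credential is stored for the task.
    if summary["logon_type"] in ("Password", "InteractiveTokenOrPassword"):
        findings.append("stored credential for " + summary["user"])
    if text("t:Settings/t:Hidden").lower() == "true":
        findings.append("task is hidden")
    if len(summary["triggers"]) > 1:
        findings.append("multiple triggers: any one of them starts the task")
    return summary, findings

if __name__ == "__main__":
    print(audit_task(SAMPLE_TASK_XML))
```

For a file exported from a real system, `ET.parse(path).getroot()` reads the file directly and honours its encoding declaration.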
Overall, the Task Scheduler is a much more powerful engine for task management and automation on Vista and, when it is linked to the Event Log, Task Scheduler becomes a very strong engine for proactive systems management. In our next article, we’ll examine just how Vista’s new Task Scheduler can be linked to the Event Viewer to automate tasks based on events and create a powerful system management platform with Vista’s own feature set.
About the Authors
Danielle Ruest and Nelson Ruest, MCSE+Security, MCT, Microsoft MVP, are IT professionals specializing in systems administration, migration planning, software management and architecture design. They are authors of multiple books, and are currently working on the Definitive Guide to Vista Migration (www.realtime-nexus.com/dgvm.htm) for Realtime Publishers as well as the Complete Reference to Windows Server Codenamed “Longhorn” for McGraw-Hill Osborne. They have extensive experience in systems management and operating system migration projects.
Industry News
TJX Stolen Data used in Florida Crime Spree
Police arrest group accused of using credit card info stolen from TJX customers; losses total more than $8 million
Protect your data where it resides for in-depth security that goes beyond standalone firewall and intrusion detection systems
Beyond SOX and Endpoint Security: Six emerging trends in Compliance
Last year, SOX dominated compliance efforts, organizations adopted endpoint security, data breaches grew epidemic, and experts warned companies that Vista would be no silver bullet for compliance or security efforts. Here’s what experts predict for the coming year.
Proven processes to meet IT Compliance
Whether SOX, HIPAA, GLBA or NISPOM, effective log management is key for meeting compliance requirements.
Download a free EventTracker trial for complete compliance automation and security management.
Network downtime from security attacks proves costly
Network downtime resulting from security attacks is costing companies a bundle, but steps can be taken to prevent the added expense.
Enhance the security of your critical systems with comprehensive security management including host-based intrusion detection, external attack detection, fast incident response and forensic analysis.
By addressing data privacy, companies avoid public scrutiny
Whether your company is public or private, large or small, today's information privacy regulations may affect you and your organization on many different levels, not just financially and legally.
Cool Tools and Tips
Seven Strategies for Compliance Change Management
Driven especially by SOX, companies are turning to change management to provide needed discipline for changes to IT infrastructure and systems.
How To - Use change management to ensure the integrity of systems storing regulated data, enhance security and reduce downtime
Legal
This document is provided for informational purposes only. The information contained in this document represents the current view of Prism Microsystems, Inc. on the issues discussed as of the date of publication. Because Prism must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of Prism and Prism cannot guarantee the accuracy of any information presented after the date of publication.
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT.
The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1) All text must be copied without modification and all pages must be included; 2) All copies must contain Prism's copyright notice and any other notices provided therein; and 3) This document may not be distributed for profit. All trademarks acknowledged. Copyright Prism Microsystems, Inc. 2005.
Prism Microsystems, Inc.
6990 Columbia Gateway Drive Suite 250
Columbia MD 21046