Grant permissions on an external library with grant succeeded (24359) how to monitor with email alert

[bob]

You ever notice that weird event in the Event Viewer on your Windows Server? It's called "Grant permissions on an external library with grant succeeded," and it has this action_id GWG plus class_type EL, all tied to event 24359. Basically, it fires off when someone or something successfully hands out permissions to an outside library thing, like in a database setup. I mean, think of it as the system saying, yep, that permission grant worked without a hitch. It logs details like who did it, what library got the nod, and the exact time stamp. Sometimes it includes the user account involved or the server name. You can spot it under the Application log, usually from the SQL Server source. And if you're running into security tweaks, this event pops up a lot during those changes. But watch out, because if it's happening too often, might mean folks are messing with external stuff more than they should. I always check the description field for the full scoop on what library and who granted it.

Now, to keep an eye on this without staring at screens all day, you can set up monitoring right from the Event Viewer itself. Fire up Event Viewer, go to the Windows Logs, then Application. Right-click on that and pick Create Custom View. Throw in event ID 24359, and maybe filter by the source if you want. Save that view so it sticks around. Then, to get alerts, attach a task to it. In the Actions pane, hit Attach Task to This Custom View. Name it something like GrantWatch, and under Triggers, it links to your event. For the action, choose Start a Program, but wait, we're aiming for email. Actually, point it to the Send Email option if your server has that baked in, or link to a simple mailer exe. Set it to run only when the event hits, and maybe throttle it so you don't drown in notices. I do this on my setups, and it pings me quick when that 24359 shows. You tweak the schedule if needed, but keep it event-driven. That way, your inbox buzzes only when it matters.

Hmmm, or if you want something hands-off, at the end of this is the automatic email solution that'll handle the alerts without you fiddling much.

Shifting gears a bit since we're talking server monitoring and keeping things secure, I've been digging into BackupChain Windows Server Backup lately. It's this solid Windows Server backup tool that also tackles virtual machines on Hyper-V without breaking a sweat. You get fast incremental backups, easy restores even for bare-metal crashes, and it encrypts everything to dodge data leaks. Plus, no downtime hassles during VM snapshots, which saves you headaches on busy setups. I like how it reports issues clearly, tying right into event logs like the one we chatted about.

Note, the PowerShell email alert code was moved to this post.