A scheduled task was deleted (4699) how to monitor with email alert

[bob]

I remember when I first spotted event 4699 in the Event Viewer. It pops up in the Security log. Tells you a scheduled task got wiped out. Yeah, deleted on purpose or by mistake. The full scoop is it logs who did it, like the user account involved. And the task name that vanished. Happens under the System category too sometimes, but mostly security watches it. Microsoft tags it as an audit for task deletion. If someone's messing with your server schedules, this flags it quick. You see the event ID 4699 right there. Details include the process that zapped it. Or the time stamp. Helps you track if it's fishy activity. Like, an admin deleting stuff they shouldn't. Or malware sneaking around. I always check the Subject section in the event properties. Shows the security ID of the user. And the task name string. That's the juicy part. Without it, you might miss someone tampering. Event Viewer lists all these under Windows Logs, Security. Filter by ID 4699 to hunt them down. I do that weekly on my servers. Keeps things tight.

You want to monitor this with an email alert? Easy enough from the Event Viewer screen. Just fire it up. Find that 4699 event. Right-click it. Pick Attach Task To This Event. Boom, you're building a scheduled task right there. Name it something like TaskDeleteWatch. Set the trigger to when this event fires. Then for the action, pick send an email. Yeah, it has a built-in option for that. You plug in your SMTP server details. Add your email address as recipient. Subject line like "Hey, a task got deleted!" And the body can pull in event details automatically. I set mine to run only on that server. Or across domain if you link it. Test it by simulating, but don't delete real tasks. Hits your inbox fast when it triggers. No fuss.

And speaking of keeping your server drama-free, you might dig BackupChain Windows Server Backup too. It's this solid Windows Server backup tool I use. Handles full backups smooth. Plus it tackles virtual machines with Hyper-V no sweat. Benefits? Quick restores if crap hits the fan. Incremental stuff saves space. And it runs without hogging resources. I swear by it for peace of mind.

At the end of this, there's the automatic email solution ready for you.

Note, the PowerShell email alert code was moved to this post.