Get email alerts when hard drive develops bad sectors

If you are managing over 100 computers network, this will be a cool idea to make your life easier. we know well, once a hard drive makes failure, how we struggle to get data back. but how it is cool if we can acknowledge it before hard drive failure. 

according to my experience hard drives not fail suddenly & before it get in to series, for many days & weeks it writes to event viewer that it is failing. usually we cannot read every machine's event log for hard drive failures. this is the reason we miss this important message.
If you manage a windows domain network, using GPO we can configure to receive email notifications when drive errors occur. I am going to show you an amazing way to do this trick. you may apply for this for another goal also.
If you use this successfully, you may feel what a wonderful trick is this because there is no time waste in your Sys Admin life.

We use Group policy to do this

Brief of tasks we are going to do.

we use small query to find specific events belongs to hard drive errors
we use open source small email sending executable to send emails.
we should look for event ID 7, 52, 153, 2013 which are critical.
to acknowledge which PC error occurs, we attach host name of the pc along with email.


1) Since we need to apply this setting for all computers in the domain, I prefer editing default domain policy for this.

i. Open Group policy management console.
ii. Expand root domain
iii. Right click on default domain policy & select Edit.
iv. create a folder creation task as following image. this will create a folder called Eventlog in client PC's C:\ path. we use this folder to put our task related files.



2) download opensource sendemail.exe from following location SendEmail executable

i. create a folder called eventlog in \\yourdomain.local\SYSVOL\yourdomain.local\scripts 
ii. copy the downloaded file to this folder.
iii. create a batch file called hostname.bat in above eventlog folder with following content to pickup host name

@echo off
cd /
hostname > c:\eventlog\hostname.txt
cls

iv. create file copy task to copy above files to client PCs. specify following location in source file path \\yourdomain.local\SYSVOL\yourdomain.local\scripts\eventlog\filename



it will copy specified file to client PC's c:\eventlog folder. repeat the same to copy other two files shown in above image.

3) now we can push a scheduled task to client PCs, then it will trigger when specified error occurs.

i. Expand Computer configuration node, preferences, control panel settings, scheduled tasks.
right click in right side, new, scheduled task at least windows 7




ii. select replace & put a task name. use NT AUTHORITY\system to run account. select run whether user logged in or not. 
iii. click on triggers tab & select on an event  
iv. select custom & click on new event filter 
v. click on XML tab & tick edit query manually 
refer the image below. 


create four different query filters using following queries as above image shows. image shows three & you may create four query filters.

<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(EventID=7)]]
and
*[EventData[
(Data='\Device\Harddisk0\DR0') or 
(Data='\Device\Harddisk0\DR1') or 
(Data='\Device\Harddisk0\DR2') or 
(Data='\Device\Harddisk0\DR3') or 
(Data='\Device\Harddisk0\DR4') ]]
</Select>
  </Query>
</QueryList>


<QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='disk'] and EventID=2013]]</Select></Query></QueryList>


<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(EventID=153)]]
and
*[EventData[
(Data='\Device\Harddisk0\DR0') or 
(Data='\Device\Harddisk0\DR1') or 
(Data='\Device\Harddisk0\DR2') or 
(Data='\Device\Harddisk0\DR3') or 
(Data='\Device\Harddisk0\DR4') ]]
</Select>
  </Query>
</QueryList>


<QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='disk'] and EventID=52]]</Select></Query></QueryList>



vi. now click on actions tab, new, start a program
add the hostname.bat file in c:\eventlog, it will run & generate hostname to email.
click again on new, start a program & put email sending parameters. when task triggers it will send the email to an address you specify along with host name which error occurred.


browse the send email.exe executable in c:\eventlog & add the following arguments. you may need working email address with sending credential 

-f eventforwader@yourdomain.com -s mail.yourdomain.com:587 -o tls=yes -xu eventforwader@yourdomain.com -xp youremailpassword -t eventforwader@yourdomain.com -u System Event Error log ID 7, 153, 2013 -m System Event log ID 7, 153, 2013 (disk error) -a c:\eventlog\hostname.txt

above command will send an email with attaching host name of the error occurred, once you receives the specific email, you can look in to event viewer of specific PCs & take necessary actions to replace faulty hard drives.
here in the query filter, i have used system drive (disk 0) only. if you wish, you may use filter for secondary drives as well.

task will automatically run & send email once error occurs.

Please feel free to put a comment if this was useful to you
Should you think that you need further assistance from me, please use contact us form 

Comments

Post a Comment

Popular posts from this blog

WSUS Client is not downloading updates

Image
Fix for windows clients are searching for updates forever.  According to my investigation, most of times this issue begins after installing  KB2919355 update  & this is affected for wsus clients & both direct download updates from Microsoft web site. This is not an issue with wsus server. once we click on check for updates in control panel windows update, we can see it is searching for updates forever & nothing other than. Checking for updates forever If you are using wsus server to deploy updates to client computers, you can see following errors in the wsus console. This computer has not reported status yet This computer has not reported status in xxx or more days. Solution steps Restart windows update service Download & install following windows update from Microsoft web site  KB3102812 . After reboot client computer stop Windows Update Service & Windows Modules Installer service. delete C:\Windows\SoftwareDistribution root folder. (you cann
Read more

Stop executables from usb storage

Image
Removable media (usb storage devices) is a headache for IT staff If you are managing many computers in a domain. Usually users plug same usb device for many computers. Eg: to home PC, personal laptops, friend's & colleague's computers & etc... even if your corporate network is protected from antivirus software, still those devices can infect from outside. to get rid of this hassle many organizations completely block removable media devices for corporate networks while those are required for some day today works (flexibility) here I show you a small method which prevents executing every executables from usb storage. we use group policy to deploy this to all computers. its very simple, we specify some drive letters & all the executable content within any folder structure will be prevented from running. usually in any microsoft windows system C drive is for OS, D is for optical drive & e, f for next hard drive partitions. usually issuing drive letters fo
Read more