Windows Task Scheduler won't run task based on RDP login event

remote-desktop windows-11 scheduled-tasks

I want to run a command whenever I log in to my computer via RDP remote session. In task scheduler, I set the trigger as follows:

<QueryList>
  <Query Id="0" Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational">
    <Select Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational">*[System[(Level=4 or Level=0) and (EventID=1149)]]</Select>
  </Query>
</QueryList>

Then I tried logging in via RDP but the task won't be triggered at all, even though the event is logged.

Protokollname: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
Quelle:        Microsoft-Windows-TerminalServices-RemoteConnectionManager
Datum:         22.10.2021 16:01:32
Ereignis-ID:   1149
Aufgabenkategorie:Keine
Ebene:         Informationen
Schlüsselwörter:
Benutzer:      Netzwerkdienst
Computer:      My Computer Name
Beschreibung:
Remotedesktopdienste: Die Benutzerauthentifizierung war erfolgreich:

Benutzer: My ID
Domäne: 
Quellnetzwerkadresse: My IP
Ereignis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{c76baa63-ae81-421c-b425-340b4b24157f}" />
    <EventID>1149</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000000000000</Keywords>
    <TimeCreated SystemTime="2021-10-22T14:01:32.8354266Z" />
    <EventRecordID>1034</EventRecordID>
    <Correlation ActivityID="{f42073e2-bc36-4f11-bcee-f01056750000}" />
    <Execution ProcessID="2024" ThreadID="8216" />
    <Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational</Channel>
    <Computer>My Computer</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <Param1>My User ID</Param1>
      <Param2>
      </Param2>
      <Param3>My IP</Param3>
    </EventXML>
  </UserData>
</Event>

I thought the issue my come from the read permission of IDs but running this task as SYSTEM or as my own account (on background) won't help either.


Solution 1:

I believe you are using the wrong event id, that you should use Event id 20521, defined as "User config info will be loaded from local machine for this RDP-Tcp connection":

  • Open Event Viewer

  • Go to Applications and Services Logs > Microsoft > Windows > TerminalServices-RemoteConnectionManager > Admin

  • Any event with ID=20521 is a successful RDP connection

  • Right-Click on the event and select "Attach task to this event".

Related

Missing libSM.so.6 library - QT creator installation error
Permissions denied to owner, although it is set to 666 in .ssh directory
DBF viewer for Ubuntu
Font Manager Fails in Ubuntu 16.04
Completely removing old Nvidia drivers
Ubuntu 18.04 network icon disappeared and no internet access in VMware [closed]
How can I fix the dull colors I am getting in Ubuntu 19.04 Terminal?
How can I remove the package oracle-java11-installer-local?
How to set up Hot Corners?
How can I tell if I installed with wubi?
Can I change the /home folder after ubuntu installation? [duplicate]
How to run skype at boot time?