On Windows Server 2003 I have an alert configured in "Performance" based on a counter. The alert is triggered and this is mentioned in the Application event log (as source "SysmonLog").
However, I am trying to make the alert run a program when it is triggered and that doesn't work.
So far I have encountered three different outcomes.
If I open the alert and under the "Action" tab configure "c:\windows\system32 \cmd.exe" in the "Run this program" text field and pass any arguments to it, event viewer will claim "Unable to execute command ''" (with indeed an empty string between the single quotes).
Sometimes the same error refers to the command 'c:\windows\system32\cmd.exe' but with a character called "Luster of Jade" and a newline replacing the drive letter (Unicode character 7498 followed by carriage return and linefeed).
In both cases the actual event (that the alert has been triggered) is NOT noted in the Application log. Also both cases report an error 0x522 (ERROR_PRIVILEGE_NOT_HELD).
The third outcome happens when I configure the alert to run a program without any command line arguments, in which case the fact that the alert was triggered is written to the event log but the program is simply not run (I wrote a text program myself to see if it would run at all, it's not).
Now I am baffled.
Any ideas?
Update: I did think that the error 522 is because the counter belongs to another server. However, as the alert is triggered and the error only happens when I try to run a program with arguments but does not happen when I try to run a program without arguments, I at first didn't think it could be the reason.
