I'd like to trigger a script action upon MS Teams client launch. My first guess was to hook it on an event in the Event log.
However, I was unable to find if the app actually writes to the Windows Event log. Nothing found in my Event Viewer nor MS Teams dev guide. Google is of no help... There also might be other ways of approaching this. Any hints would be very appreciated.
Thank you!
I very much doubt that Teams is generating a specific event log event when it's launching, but you can detect any process, including Microsoft Teams, by looking at event id 4688 (process tracking needs to be audited however) and filtering on the process name and path.
On my system, the event looks similar to the below:
A new process has been created.
Creator Subject:
Security ID: DOMAIN\lucky.luke
Account Name: lucky.luke
Account Domain: DOMAIN
Logon ID: 0xDBA77
Target Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Process Information:
New Process ID: 0x730c
New Process Name: C:\Users\lucky.luke\AppData\Local\Microsoft\Teams\current\Teams.exe
Token Elevation Type: TokenElevationTypeLimited (3)
Mandatory Label: Mandatory Label\Medium Mandatory Level
Creator Process ID: 0x725c
Creator Process Name: C:\Users\lucky.luke\AppData\Local\Microsoft\Teams\current\Teams.exe
Keep in mind that it creates 4 instances for me, so whatever you trigger you create would need to take that into consideration and only trigger on the first one.
There is software out there than can utilize thresholds and such that will accomplish that if necessary (e.g. EventSentry Light).
