Register scheduled task with New-ScheduledTaskTrigger to trigger on event ID

Question

Register-ScheduledTask with New-ScheduledTaskTrigger on a Windows event ID

Hello Stack-overflow users. Neither MSDN nor Google yields results...
I configured a couple of scheduled tasks via a Powershell script. The scheduled tasks are set to run at certain times.
This all works fine. But I need to configure another scheduled task which run when a certain event ID is logged in the Windows event logger.
I can set this up manually of course but I want it as part of my automated script.

this is the code I have so far for the scheduled tasks, I need to replace the $Trigger= New-ScheduledTaskTrigger -At 4:00am -Daily section:

        Copy-Item "\\networkDrive\Backups\scripts\Reset-Sessions.ps1" "c:\scripts\Reset-Sessions.ps1"
        $Trigger= New-ScheduledTaskTrigger -At 4:00am -Daily
        $User= 'Nt Authority\System'
        $Action= New-ScheduledTaskAction -Execute "Powershell.exe" -Argument "-executionpolicy bypass -File c:\scripts\Reset-Sessions.ps1"
        Register-ScheduledTask -TaskName "Reset-Sessions" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest -Force

I have changed some of the directory and file names for online purposes.

I would appreciate it if somebody could steer me into the right direction or assist with an example.
I would prefer to only change the $Trigger portion and not re-write the whole script but I would understand if it is not possible.

I use Powershell version 5.1.

Answer 1

With this answer as a base and some additional help I was able to construct this script

    $taskname="Reset-Sessions"
    # delete existing task if it exists
    Get-ScheduledTask -TaskName $taskname -ErrorAction SilentlyContinue |  Unregister-ScheduledTask -Confirm:$false
    # get target script based on current script root
    $scriptPath=[System.IO.Path]::Combine($PSScriptRoot, "Reset-Sessions.ps1")
    # create list of triggers, and add logon trigger
    $triggers = @()
    $triggers += New-ScheduledTaskTrigger -AtLogOn

    # create TaskEventTrigger, use your own value in Subscription
    $CIMTriggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler:MSFT_TaskEventTrigger
    $trigger = New-CimInstance -CimClass $CIMTriggerClass -ClientOnly
    $trigger.Subscription = 
@"
<QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[(EventID=4004)]]</Select></Query></QueryList>
"@
    $trigger.Enabled = $True 
    $triggers += $trigger

    # create task
    $User='Nt Authority\System'
    $Action=New-ScheduledTaskAction -Execute "Powershell.exe" -Argument "-ExecutionPolicy bypass -File $scriptPath"
    Register-ScheduledTask -TaskName $taskname -Trigger $triggers -User $User -Action $Action -RunLevel Highest -Force

The main magic is to use Get-CimClass to get the correct instance, and then populate Subscription from Get-ScheduledTask "Tmp" | Select -ExpandProperty Triggers