When I run the task it starts the .exe fine but the event ID isn't triggering the .exe automatically.
@echo off
@SCHTASKS /Create /TN Security_Microsoft-Windows-Security-Auditing_4624 /TR "C:\Program Files (x86)\example.exe" /SC ONEVENT /EC Security /MO "*[Security[(EventID=4624)]]" /f
@exit
:h
goto h
(This is saved to notepad as a .bat and run as administrator)
After you use the wizard, in Event Viewer, to bind a task to the event, start Computer Management => Task Scheduler and drill down to Task Scheduler Library => Event Viewer Tasks, find the task named Security_Microsoft-Windows-Security-Auditing_4624 and export it to XML.
At this point you can simply include that XML file with your script and modify the script to import the XML task description on the system. Optionally, you can compare that XML file with one exported from the task you created using the CLI, to see the differences. The differences in Subscription content of the EventTrigger node will be instructive.
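The export, compare and import steps described in the answer above, as an added PowerShell example that is not part of the original thread. It assumes the wizard-created task sits in the `\Event Viewer Tasks\` folder and the task created by the batch file sits in the root folder, both under the name used in the question; the output file location is a hypothetical choice.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell.
# Assumption: wizard task is in "\Event Viewer Tasks\", CLI task is in "\".
$name = 'Security_Microsoft-Windows-Security-Auditing_4624'

function Get-EventSubscription {
    param([string]$TaskName, [string]$TaskPath)
    # Export-ScheduledTask returns the task definition as an XML string
    [xml]$doc = Export-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath
    # Each EventTrigger node carries its event query in the Subscription element
    foreach ($trigger in $doc.Task.Triggers.EventTrigger) {
        $trigger.Subscription
    }
}

$wizard = Get-EventSubscription -TaskName $name -TaskPath '\Event Viewer Tasks\'
$cli    = Get-EventSubscription -TaskName $name -TaskPath '\'

'Wizard task subscription:'; $wizard
'CLI task subscription:';    $cli
if ("$wizard" -ne "$cli") {
    'The two event queries differ; compare the XPath inside <Select>.'
}

# Save the wizard task's XML so it can be shipped alongside the script.
# Hypothetical location: the current directory.
$xmlFile = Join-Path (Get-Location) "$name.xml"
Export-ScheduledTask -TaskName $name -TaskPath '\Event Viewer Tasks\' |
    Set-Content -Path $xmlFile -Encoding Unicode

# Import the saved definition on the target system.
# -Force replaces an existing root-folder task of the same name.
Register-ScheduledTask -TaskName $name -Xml (Get-Content -Path $xmlFile -Raw) -Force
```

The exported XML also records the principal (account) the task runs as on the exporting machine, so check the `Principals` node before importing it on a different system.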