Windows task to trigger when eSATA drive is attached

Question

Question: How can I capture an event in Windows (Server 2016) when 1 of 2 specific drives is attached, and assign it the correct drive letter using Scheduled Tasks?

I know how to create a scheduled task triggered by a specific event. I haven't been able to find the right event AND a way to correlate event info with the device ID/GUID available in wmic or diskpart.

Closest I found in Event Viewer is

Level       Date and Time           Source  Event ID    Task Category
=========== ======================= ======= =========== ==============
Information 1/25/2024 9:35:35 PM    UserPnp 20003       (7005)

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
    <Provider Name="Microsoft-Windows-UserPnp" Guid="{96f4a050-7e31-453c-88be-9634f4e02139}" /> 
    <EventID>20003</EventID> 
    <Version>0</Version> 
    <Level>4</Level> 
    <Task>7005</Task> 
    <Opcode>0</Opcode> 
    <Keywords>0x8000000000000000</Keywords> 
    <TimeCreated SystemTime="2024-01-26T03:35:35.7623078Z" /> 
    <EventRecordID>207975</EventRecordID> 
    <Correlation /> 
    <Execution ProcessID="13904" ThreadID="39656" /> 
    <Channel>System</Channel> 
    <Computer>REDACTED</Computer> 
    <Security UserID="S-1-5-18" /> 
  </System>
- <UserData>
  - <AddServiceID xmlns="http://manifests.microsoft.com/win/2004/08/windows/userpnp">
      <ServiceName>WUDFWpdFs</ServiceName> 
      <DriverFileName>\SystemRoot\system32\DRIVERS\WUDFRd.sys</DriverFileName> 
      <DeviceInstanceID>SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00#0401CAC903511603597E3BC31DF751E3084C6D1A4B43B597EB812DFD61F778A#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}</DeviceInstanceID> 
      <PrimaryService>true</PrimaryService> 
      <UpdateService>true</UpdateService> 
      <AddServiceStatus>0</AddServiceStatus> 
    </AddServiceID>
  </UserData>
</Event>

I can get the drive serial number using wmic logicaldisk get deviceid,serialnumber but don't see the serial number in Event Log entries.

Background: For my weekly rotated backups to run "correctly", each eSATA drive attached must assume the same drive letter, let's say "P:". Only one is attached at a time but anytime that letter is assigned to the current drive, the next drive assumes a different letter even if it was assigned P: the last time it was plugged in. (I've tested eSATA and USB drives so far.)

Related Thoughts:

• Changing the backup procedure to point to the predictable drive letter (e.g. O:, P:) is not possible via CLI given our "Standard" business license. Thanks, Acronis [not].
• I suspect it might help to set the GUID partition properties to not automatically assign a drive letter, but still don't know how to capture the drive attached/detached events.
• I'm looking into GPEDIT.MSC policies for Audit File System and Audit Removable Storage but have don't know if this will flood our event logs.

TL;DR: Looking to trigger a scheduled task from a Windows Event when one of two specific eSATA drives are plugged in.