Solved Creating Scheduled Task with Powershell - Using specific user account
-
A couple of quick examples I checked show the job running as SYSTEM instead of a local admin account.
Also...
#Configure the principal to use for the scheduled task and the level to run as
$STPrincipal = Register-ScheduledTask -TaskName "choco-upgrade" -user "user" -Password "password" -Action "Powershell.exe" -Argument "-ExecutionPolicy Bypass c:\Scripts\choco-upgrade.ps1" -RunLevel Highest
Should the $STPrincipal actually be something generated by new-scheduledtaskprincipal? (I'm looking at a simple example from https://snippets.cacher.io/snippet/dbb81e60b3fedfa47914)
-
@dafyre said in Creating Scheduled Task with Powershell - Using specific user account:
A couple of quick examples I checked show the job running as SYSTEM instead of a local admin account.
Also...
#Configure the principal to use for the scheduled task and the level to run as
$STPrincipal = Register-ScheduledTask -TaskName "choco-upgrade" -user "user" -Password "password" -Action "Powershell.exe" -Argument "-ExecutionPolicy Bypass c:\Scripts\choco-upgrade.ps1" -RunLevel Highest
Should the $STPrincipal actually be something generated by new-scheduledtaskprincipal? (I'm looking at a simple example from https://snippets.cacher.io/snippet/dbb81e60b3fedfa47914)
Likely, this was my first attempt at using powershell to create a scheduled task and I found a script (above) which I've bastardized to try and do what I want.
I could likely just use my working script and see how it goes. . but I hate having to rely on someone being logged in. . .
-
Can you post a sanitized version of the script you want to use?
Also, I thought requiring a person to be logged on was dependent on options you chose when creating the scheduled task?
-
Working version
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install flashplayerplugin flashplayeractivex firefox googlechrome vlc sharex filezilla openshot 7zip.install wiztree -y
#Create a new trigger that fires every 4 weeks on Saturday at 8PM
$STTrigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 4 -DaysOfWeek Saturday -At 8PM
#Name for the scheduled task
$STName = "choco-upgrade"
#Action to run as
$STAction = New-ScheduledTaskAction -Execute "powershell.exe -ExecutionPolicy Bypass c:\Scripts\choco-upgrade.ps1"
#Configure when to stop the task and how long it can run for. In this example it does not stop on idle and uses the maximum possible duration by setting a timelimit of 0
$STSettings = New-ScheduledTaskSettingsSet -DontStopOnIdleEnd -ExecutionTimeLimit ([TimeSpan]::Zero)
#Configure the principal to use for the scheduled task and the level to run as
$STPrincipal = New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel "Highest"
#Register the new scheduled task
Register-ScheduledTask $STName -Action $STAction -Trigger $STTrigger -Principal $STPrincipal -Settings $STSettings
New-Item -ItemType directory -Path C:\Scripts
cd "c:\"
copy-item "\\serverpath\folder\folder\Scripts\choco-upgrade.ps1" -Destination "C:\Scripts\choco-upgrade.ps1"
-
@dafyre said in Creating Scheduled Task with Powershell - Using specific user account:
Also, I thought requiring a person to be logged on was dependent on options you chose when creating the scheduled task?
It is, and thus the point of me attempting to figure out how to specify a user rather than a group via powershell.
Doing it via the gui is simple, it's trying to do it via powershell that has me hung up.
-
Hrmm. . .
I wonder if New-ScheduledTaskPrincipal -UserID 'localhost\user' would work. . . but what would I use to pass in the password. . .
-
@dustinb3403 said in Creating Scheduled Task with Powershell - Using specific user account:
Hrmm. . .
I wonder if New-ScheduledTaskPrincipal -UserID 'localhost\user' would work. . . but what would I use to pass in the password. . .
Why are you running it as a specific user instead of SYSTEM ?
-
@dafyre said in Creating Scheduled Task with Powershell - Using specific user account:
@dustinb3403 said in Creating Scheduled Task with Powershell - Using specific user account:
Hrmm. . .
I wonder if New-ScheduledTaskPrincipal -UserID 'localhost\user' would work. . . but what would I use to pass in the password. . .
Why are you running it as a specific user instead of SYSTEM ?
For some unknown to me reason running as a system task was failing. . .
-
Oh I know why now. . .
Rather than actually running the powershell script (task scheduler) it is launching notepad to attempt to open the ps1 file.
This obviously is a failure.
What needs to execute is "powershell.exe" with arguments
-ExecutionPolicy Bypass c:\Scripts\choco-upgrade.ps1
-
Which maybe (can't recall if I tried this. . .) just doing
-execute 'powershell.exe' -arguments '. .. . ' will work. .
-
Nope that fails. . . -Arguments isn't a known parameter
-
This here says I should be using New-ScheduledTaskAction with -execute and -argument
but it fails.. . .
-
doh. . . it would help if I didn't fatfinger the spelling of "Argument". . .
Working version
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install flashplayerplugin flashplayeractivex firefox googlechrome vlc sharex filezilla openshot 7zip.install wiztree -y
#Create a new trigger that fires every 4 weeks on Saturday at 8PM
$STTrigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 4 -DaysOfWeek Saturday -At 8PM
#Name for the scheduled task
$STName = "choco-upgrade"
#Action to run as
$STAction = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '-ExecutionPolicy Bypass c:\Scripts\choco-upgrade.ps1'
#Configure when to stop the task and how long it can run for. In this example it does not stop on idle and uses the maximum possible duration by setting a timelimit of 0
$STSettings = New-ScheduledTaskSettingsSet -DontStopOnIdleEnd -ExecutionTimeLimit ([TimeSpan]::Zero)
#Configure the principal to use for the scheduled task and the level to run as
$STPrincipal = New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel "Highest"
#Register the new scheduled task
Register-ScheduledTask $STName -Action $STAction -Trigger $STTrigger -Principal $STPrincipal -Settings $STSettings
New-Item -ItemType directory -Path C:\Scripts
cd "c:\"
copy-item "\\serverpath\folder\folder\Scripts\choco-upgrade.ps1" -Destination "C:\Scripts\choco-upgrade.ps1"
-
So using the SYSTEM account appears to work, at least when I manually run the task. So meh w/e. It still requires a user to be logged in, which I might see if I can change that flag as I don't want to rely on my users remaining logged in.
But they likely never sign out either.
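
The two questions left open above (how to pass a password for a named account, and how to stop depending on a logged-on user) can be handled as in this added example, which is not code from the thread's participants. It registers the task either as SYSTEM or as a prompted account, and it locks down C:\Scripts first, because the script there runs elevated. The `$useNamedAccount` switch and the `-NoProfile`/`-File` arguments are assumptions of this example; the task name, schedule and paths are the thread's.

```powershell
# Added example. Run from an elevated PowerShell session.
$taskName        = 'choco-upgrade'
$scriptDir       = 'C:\Scripts'
$scriptPath      = Join-Path $scriptDir 'choco-upgrade.ps1'
$useNamedAccount = $false   # hypothetical switch: $true = prompt for an account

# Folders created under C:\ normally inherit a Modify ACE for Authenticated Users,
# so any local user could replace a script that the task later runs elevated.
# Remove inheritance and leave only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
New-Item -ItemType Directory -Path $scriptDir -Force | Out-Null
icacls $scriptDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Same action, trigger and settings as the thread's working version;
# -File keeps the script path from being parsed as a command string.
$action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
              -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$scriptPath`""
$trigger  = New-ScheduledTaskTrigger -Weekly -WeeksInterval 4 -DaysOfWeek Saturday -At 8PM
$settings = New-ScheduledTaskSettingsSet -DontStopOnIdleEnd -ExecutionTimeLimit ([TimeSpan]::Zero)

if (-not $useNamedAccount) {
    # SYSTEM as a service-account principal: no password is stored and
    # the task runs whether or not anyone is logged on.
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                   -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
        -Settings $settings -Principal $principal -Force | Out-Null
}
else {
    # Named account: -User/-Password is a separate parameter set from -Principal.
    # Prompt for the credential so the password never sits in the script file;
    # Task Scheduler stores it and runs the task without an interactive logon.
    $cred = Get-Credential -Message 'Account the task should run as'
    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
        -Settings $settings -RunLevel Highest -Force `
        -User $cred.UserName -Password $cred.GetNetworkCredential().Password | Out-Null
}

# Confirm which identity and logon type were actually registered.
(Get-ScheduledTask -TaskName $taskName).Principal |
    Format-List UserId, LogonType, RunLevel

# Confirm the folder ACL no longer lists Users or Authenticated Users.
icacls $scriptDir
```

Copy choco-upgrade.ps1 into C:\Scripts after the ACL has been set, so the file inherits the restricted permissions.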
-
I know this post is old, but I've found doing scheduled tasks with SaltStack is insanely simple and very effective lately... so much more than using MS Group Policy.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_task.html
-
@obsolesce said in Creating Scheduled Task with Powershell - Using specific user account:
I know this post is old, but I've found doing scheduled tasks with SaltStack is insanely simple and very effective lately... so much more than using MS Group Policy.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_task.html
I really want to get back into learning saltstack again.
-
@wrx7m said in Creating Scheduled Task with Powershell - Using specific user account:
@obsolesce said in Creating Scheduled Task with Powershell - Using specific user account:
I know this post is old, but I've found doing scheduled tasks with SaltStack is insanely simple and very effective lately... so much more than using MS Group Policy.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_task.html
I really want to get back into learning saltstack again.
You can, in theory, use it to report and manage Windows Defender.
-
@wrx7m said in Creating Scheduled Task with Powershell - Using specific user account:
@obsolesce said in Creating Scheduled Task with Powershell - Using specific user account:
I know this post is old, but I've found doing scheduled tasks with SaltStack is insanely simple and very effective lately... so much more than using MS Group Policy.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_task.html
I really want to get back into learning saltstack again.
Here's an example of a task that goes to all minions it's supposed to go to... and it "just works". No AD required.
Also, using SaltStack to sync that .ps1 it runs from GitLab: