# Windows XP Task Scheduler Command Line Credentials Question



## scrfix (May 3, 2009)

Before I embark on this, I am wondering if anyone here knows of any way to get the Task Scheduler in XP to not require credentials even when there is a password on the account.

I already know I can set the registry so that I can have no password on the account and then allow the credential check for the task scheduler to be blank. That I have and have working.

My hopes are that I can set the scheduler up and not have to enter a password at all and even if the client machine has a password, the scheduler will still run.

My only other option is to change their password to nothing and then prevent the client machine from changing their password so it doesn't screw up the task scheduler. I don't want to go down that path.

Any ideas?
I saw that I can use /ru SYSTEM. If I did that, would I still have to enter a password?

Thanks for any tips,

*Updated:*
Okay, this question has been semi-resolved.
1. I realized that I was not checking the "only run if logged in" checkbox. Now it doesn't rely on password credentials to run.

2. Next question. I am sure there is a way via the command line to check that box however I am not sure what it was. The closest thign I could find was the /NP key for no password however even then it said only local limited resources available if I do that.

I am using schtasks for this.

3. I read that schtasks is not available in Home Edition XP. I don't have a home edition here with me to test currently so I am asking here. Is that true? If so, I will need to add that to my list as well and will have to check for that file on XP systems.

*Update2 08-18-09*
It appears I am out of luck with utilizing the schtasks in Windows XP. I have attempted to bring the one from Vista and it of course errors out saying it is not a valid Win32 application.

I did have a thought however.

*My Goal*
To have an interactive exe file ran daily on a computer at a specified time without credential check.
I believe I can utilize the AT Commands for this on XP. Am I wrong?
If I utilize AT for this task, am I wasting my time or can I accomplish the above?


----------



## Squashman (Apr 4, 2003)

I would just use AT.


----------



## TheOutcaste (Aug 8, 2007)

The System account does not require a password. Tasks run under the System account will not be interactive. 
XP Home does not include schtasks.exe, but the one from XP Pro seems to work
I don't think you can set the *Run only if logged on* box from the command line. Seems like a strange oversight
Never heard of the */NP* switch, and it fails on XP. Perhaps you meant */RP*?
AT works for XP Home


----------



## scrfix (May 3, 2009)

Jerry,

The /NP is from Vista. I thought it was available in XP too however that was an incorrect presumption. Works the same as the System except for the user. Does not run interactively.

I am going to attempt something. If I create a batch file and have that call a separate batch file, I wonder if that second one will run interactive. Perhaps the first one will be interactive and who cares.

I will report back with what I find.

Squashman,
If I utilize the AT command, can I get around having to use a password to run the command?

Notes:
My main concern is the fact that I don't want to have to worry when someone changes their password. I don't want to have to change the password in the task.

I know that I can remove their password with net user "%username%" ""
I can then prevent the user from adding a password with net user "%username%" /passwordchg:no
Finally I can change the registry entry limitblankpassworduse to 0 and then I can enter a blank password for the schtasks and not have to worry about a password change.
I can provide a utility for changing passwords at that point in time.

I didn't want to have to go through all of that... lol
I am hoping to get around having to use credentials to run either AT or SCHTASKS.
The preferred method is to still allow user the ability to change their password.

*Updated:*
The AT command appears to do exactly what I need. One question however. When I create the command:
*AT 00:23 /INTERACTIVE /EVERY:M,T,W,Th,F,S,Su "MyPerfectFile.exe"*
It saves it as AT1.job inside the Windows/Tasks folder. I would like this to be named something else other than AT1.job such as whatever.job. I went to the command line and did a ren AT1.job whatever.job and it successfully renames however it at that time does not run at its scheduled time.

Does it have to stay named AT1? I wouldn't think the name would have anything to do with the commands. If I leave it as AT1, it works just fine. Any ideas?


----------



## TheOutcaste (Aug 8, 2007)

Create a separate account for running scheduled tasks, then add it to the Special Accounts list. It won't show on the Welcome screen or the User Control Panel. It will show in the Local Users and Groups snap in and in Net User, but XP home and Vista Home/Basic don't have that snap in, so it hides it fairly well. Add a comment that the account shouldn't be deleted or have it's password changed and maybe it will be left alone.


----------



## scrfix (May 3, 2009)

I spoke too soon.

I am having a massive issue with this AT command. It will not see a mapped drive apparently.

I am using robocopy.
In order to begin the robocopy, I merely check to see if the drive is actually there.

*Code*

```
@echo off
IF NOT EXIST Z:\ GOTO _NODRIVEFOUND
IF EXIST Z:\ ECHO We Have a drive.
GOTO _PAUSE
:_NODRIVEFOUND
Echo There must be a problem with AT commands over a network.
GOTO _PAUSE
 
:_PAUSE
pause
```
The Z Drive is an external hard drive hooked up to another computer on a workgroup.

If I click on the bat file above directly, it works no problem. If I use the AT command, it fails every time with and without quotes around the Z:\

Any ideas?

*Updated*
Sorry, I am starting to pass out over here. Too tired from the main job. I forgot to give you my AT command.
Here, I have tried the following:

*AT 01:07 /INTERACTIVE /EVERY:M,T,W,Th,F,S,Su "C:\Program Files\Spectacular Computer Repair\testat.bat"*

*AT 01:07 /INTERACTIVE /EVERY:M,T,W,Th,F,S,Su C:\Progra~1\Specta~1\testat.bat*

Change the time to your liking.

Am I missing something? Why will this not work when AT handles it and it does work when I click on it or run it from the command line?


----------



## scrfix (May 3, 2009)

Jerry,

You gave me a good idea. Tell me if this is possible before I waste my time doing this.

This is for stand alone systems and not for a domain.

Step 1: I set the registry entry so that it can accept blank passwords.
Step 2: Under an administrator account, I can erase the password for the Administrator account.
Step 3: I make it so that the administrator password cannot be changed.
Step 4: I shedule the task to run with Administrator Credentials.

I could also modify that by creating a random password and changing the Administrator account to be a random password. I could place a document file on their desktop somewhere stating what the Administrator password is.

Thoughts?

Off to bed for me.


----------



## scrfix (May 3, 2009)

Okay,

I haven't gone to bed yet. I think I found something. I believe I just have to compile it and test it. On sourceforge there was some open source software for task scheduler that creates .job files and allows me to utilize run only if user is logged on. It took me forever to find that. NOBODY made one that had a command line interface. It was all GUI. Some really nice stuff, but not command line.

Link: http://sourceforge.net/projects/pyt...eduler_1.0/pytaskscheduler_22_23.zip/download

If I can utilize that, my issues will be resolved.


----------



## Squashman (Apr 4, 2003)

scrfix said:


> I spoke too soon.
> 
> I am having a massive issue with this AT command. It will not see a mapped drive apparently.


On Vista?
http://www.winhelponline.com/blog/mapped-drives-are-not-seen-from-elevated-command-prompt-in-vista/


----------



## scrfix (May 3, 2009)

Squashman said:


> On Vista?
> http://www.winhelponline.com/blog/mapped-drives-are-not-seen-from-elevated-command-prompt-in-vista/


No. XP.


----------



## TheOutcaste (Aug 8, 2007)

Drives are mapped on a per user basis. Anything scheduled using *AT* runs under the *System* account, so it won't see drives mapped under any other accounts. You'll have to map the drive from within the task itself.

If you use *Net Use /persistent:yes*, the drives will remain mapped even after a reboot, so they would only need to be mapped once for the *System* account.


----------



## scrfix (May 3, 2009)

hmmmmm,

Jerry, I then have another question which will actually help me out in a few ways but currently more for learning and here at home.
1. How do I map a drive from a batch file?
2. Is there a way that I can detect a shared resource.

Example:
My son's computer has an external drive attached to it.
That drive on his computer is drive f:\
That drive is shared on the network.

Is there a way to automatically
1. Detect that shared resource.
2. Be able to distinguish that it is an external drive instead of just a shared folder on the system root.
3. Map it to a drive letter that is not currently in use on my computer local computer.


----------



## Squashman (Apr 4, 2003)

scrfix said:


> hmmmmm,
> 
> Jerry, I then have another question which will actually help me out in a few ways but currently more for learning and here at home.
> 1. How do I map a drive from a batch file?


He just showed you how. *net use*.

You map a drive to another computer by using the computer name and share name.
\\computername\share

So there is no real reason to try and detect it remotely.


----------



## Squashman (Apr 4, 2003)

I forgot to add. If you want to map it to the next available drive letter you just use an asterisk in place of the drive letter.

net use * \\computername\sharename


----------



## scrfix (May 3, 2009)

Can it be done however? If I wanted to automatically detect the network shares. Can it be done?

(I just got your second post on my cell. Thanks. I was just looking that up with net use /?) I didn't realize that net use was how to map it. I thought it was just talking about the persistent yes.

I am curious if it the network shares can be detected automatically, if so, how. I am also curious if from the command line it is possible to determine whether that shared resource is an external drive and finally if it is possible to automatically assign a drive letter to it that is not in use on the current user.

If that is possible, I would like to incorporate that at work when backing up peoples data over the network. That would make things so much easier. That's why I mentioned that if it is possible, that would help me out in a few different ways however I can also utilize that here at home too.


----------



## scrfix (May 3, 2009)

damn I just tried that
net use Z \\Matts-laptop\f /Persistent:Yes

An error came back 
System error 67 has occurred.
The network name cannot be found.

I have not looked the error up yet.


----------



## Squashman (Apr 4, 2003)

I guess I am not seeing your point this exercise. If you have a shared resource on the network why would you go searching for it and then try to map to it. 

I don't think there is anyway to determine if the share is a internal or external hard drive attached to the pc. 

If you want to backup to it, just call the share name BACKUP.

Yes there are ways to detect shares on remote computers but you would waste all kinds of time and resources if you had to scan the entire subnet every time to do this. And why would you want to do this just for backup. Makes no sense to me. If you want to backup to a network share then just back it up to there.

You sure like to make things harder than they have to be.


----------



## TheOutcaste (Aug 8, 2007)

Check out *Net View* and *Net Use*
*Net View \\pcname* will show the shared resources, but there is no way to tell if it's an internal or external disk unless you include that in the share name.
The error 67 is because you forgot the colon:
* net use Z: \\Matts-laptop\f /Persistent:Yes*

Mapping the same share to two different drive letters can sometimes cause issues, so I use the following routine to check to see if a share is already mapped. If it is, it returns the drive letter. If not, it maps the share to the next available drive letter and returns the drive letter.
It also returns a flag to indicate whether the share was already mapped, or was just created. This flag can be used to let you delete shares you create, while leaving shares that already existed alone. Users get upset when you delete their mapped drives for some reason.


```
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::                    Subroutines
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:_MapChk
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Checks if a share is already mapped.
:: Arguments : "SharePath" returnvariable flagvariable [username [password]]
:: Returns   : Drive letter in returnvariable
::           : Flagvariable set to 0 if already mapped, 1 if new map
:: Usage
:: Call :_MapChk "path" rname fname [username password]
::      "path"   : Share to be mapped. Must be in quotes
::      rname    : This variable will be set to the mapped drive letter
::      fname    : Set to 0 if drive already mapped, 1 if a drive was mapped
::      username : Username to be used. Enter * if you wish to use currently logged on user
::      password : Password to use. Enter * if you wish to be prompted
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Setlocal EnableDelayedExpansion
If [%4]==[] Goto _Pchk1
Set _User=
If %4==* Goto _Pchk1
Set _User=/user:%4
:_Pchk1
Set _Pass=
If NOT [%5]==[] Set _Pass=%5
Set _t1=%~1
For /L %%I In (5,1,26) Do If NOT "!_t1:~%%I,1!"=="" Set _len=%%I
If !_len! LEQ 24 (
:: Pad with 20 trailing spaces and a period
  Set _t1=!_t1!                    .
  Set _t1=!_t1:~0,25!
  )
:: Add one trailing space and a period
Set _t1=!_t1! .
:: Trim off period
Set _t1=!_t1:~0,-1!
Set _Flag=0
:_MapChk1
For /F "Tokens=2*" %%I In ('net use ^|Find /I %1') Do (
 Set _Found=%%J
 Set _Found=!_Found:Microsoft Windows Network=!
 If /I !_Found!==!_t1! Set _PDrv=%%~dI
 )
If NOT [%_PDrv%]==[] EndLocal&Set %2=%_PDrv%&Set %3=%_Flag%&Goto :EOF
Set _Flag=1
Net Use * %_Pdrv% %1 %_User% %_Pass%
If NOT Errorlevel 1 Goto _MapChk1
EndLocal&Goto :EOF
```
Example of usage in my backup script:

```
Call :_MapChk "\\%_PCName%\AllUsers$" _Drv _DF
xcopy %_sw% %_Drv%\ "U:\Backups\%_PCName%\AllUsers" /exclude:xcldlst2.log+xcldlst3.log
If %_DF%==1 net use %_Drv% /DELETE
```


----------



## scrfix (May 3, 2009)

Point to the exercise is to learn. I will pick up anything I can and like to learn. I have numerous projects all the time and whatever I can learn to make things easier on me the better.

Obviously I did not know what it would take in order to accomplish that otherwise I would not have asked.

And God, oops I mean Jerry, seems to be a wealth of knowledge and always knows something that is extremely user-friendly and has never ceased to amaze me. When he does something, it just works. If I can learn from anyone willing to share, I will ask. I learn from any resource possible and as much as possible.


----------



## Squashman (Apr 4, 2003)

scrfix said:


> damn I just tried that
> net use Z \\Matts-laptop\f /Persistent:Yes
> 
> An error came back
> ...


You named the share F?


----------



## scrfix (May 3, 2009)

Jerry,

Thanks for the script. I am going to start breaking that down to try to see what it says.

Took a quick glance. How does it know whether or not you have internal drives using drive lettes. I see where you are using net use to determine the mapped drives.

What happens if it things the next available drive is F but that drive letter is already utilized by an external drive or a CD-Rom?

Squashman,

It is my kids computer and the drive letter is f so for testing it didn't need to be anything else. Shouldn't matter what it was named because the command is still the same, right?


----------



## Squashman (Apr 4, 2003)

Do you not see the *net use ** in his script?


----------



## TheOutcaste (Aug 8, 2007)

*net use ** will use the next *available* drive letter. It won't try to use a drive letter that is already in use. It _will_ use drive letters that have been assigned to flash drives or externals if they are not connected, so connecting a device while you've mapped the letter they use could cause the device to not appear, or could cause your script to start accessing that device instead of your intended share though.

My routine doesn't look for shares, just checks to see if a particular share is already mapped so I can use the existing drive letter and not delete it afterwards. If it's not already mapped, it maps it, then I can delete it afterwards


----------



## scrfix (May 3, 2009)

I did a net view on my kids laptop.


```
Share name  Type  Used as  Comment
-----------------------------------
C           Disk
F           Disk  (UNC)
Public      Disk
Users       Disk
The command completed successfully.
```
For this test, I had him share
1. The C Drive
2. The F Drive
3. The Users directory.

The external drive is the only one that has used as UNC.
Does this matter? I did not have the drive mapped at the time, nor was I accessing the drive at the time. Could this (UNC) be because it is an external drive or is it something else? If something else, why didn't it show up on the other ones?


----------



## TheOutcaste (Aug 8, 2007)

The UNC entry is a result of the error with the missing colon. The Used As column shows the drive letter the share is mapped as. Since the colon was missing from the Z, it mapped it as a *U*niversal *N*aming *C*onvention share.
Use *net use \\Matts-laptop\f /delete* to remove it.

I have no idea what use it is, as a drive letter is not assigned.


----------



## scrfix (May 3, 2009)

I ran that command. It said it completed successfully however however it is still there. My main concern was whether it was stating that it was utilizing an external drive as a UNC path. I was hopeful that perhaps this might be a way to distinguish against that.


Off the subject and back onto the original. That link that I provided for the task scheduler I think I have to have python installed because it is asking for files that I have no idea what they are when I attempted to compile the .cpp file they provide.

Thank you for the net use *. I have another program that I use a static drive letter and I would rather not. I am going to look into using that.

Currently, I am manually mapping the external drive letter to Z and then using that static letter in my code. Where I have been running into an issue is when these stupid HP printers utilize Z for their network drive. The office goes and gets one of those all of a sudden my program breaks. I would much rather automate that by using the net use * to determine what letter it is, map the drive to that letter. There is some other items I would have to do for checks and balances but that is ok.


----------



## TheOutcaste (Aug 8, 2007)

Net Use doesn't care what the drive letter of the drive that contains the share is, it only looks for *\\PCname\ShareName*. If the drive letter of the external changes, any folders shared will no longer work until they are re-shared.

You can use Net Use to map to a share on the same PC, rather than to a remote system.
Example, you have several PCs, each with an external drive with a folder shared as *Backup*
You don't know the drive letter of the external, it's different on each PC, but the share name (*Backup*) is identical.

You can use that routine to map to \\%Computername%\Backup and don't have to know the drive letter of the external, or what drive letters are free, so you can run the same script on all the different PCs.

But if the drive letter of the external changes, the Backup share has to be re-created.


----------



## scrfix (May 3, 2009)

Jerry,

I am having a little issue with your script. Trying to break it down. I have not attempted to run it yet, merely trying to read it.

*If [%4]*==[] Goto _Pchk1
Is this because there are parameters that are sent in to the script or are we utiliing %4 as a variable?

I can read some of it but most of it seems cryptic to me currently. I am heading off to bed. I am about to fall over. My son has been sick and up every 30 minutes. It is the wifes shift.

Could I ask you to explain that script in a little more detail. The main part I am trying to take from this other than the obvious being able to read it, is the fact of the net use *. I have attempted this and failed. I am trying to use it in my application where I have an external drive. I plug that external drive in.

I would like to automatically detect what the next available letter is, map that drive to that letter and store that letter into the registry. I have the registry down pat..... my son is up again.... gotta run.


----------



## Squashman (Apr 4, 2003)

You dont need to know what the next available letter is! That is what *net use ** does!

crappy forum editor won't let me upper case everything. That has to be the first time I ever tried to upper case anything to get my point across and it wouldn't let me do it. Now I am sad.


----------



## Squashman (Apr 4, 2003)

scrfix said:


> Jerry,
> 
> I am having a little issue with your script. Trying to break it down. I have not attempted to run it yet, merely trying to read it.
> 
> ...


Read the usage in the _MapChk script. 


> :: Usage
> :: Call :_MapChk "path" rname fname [username password]
> :: "path" : Share to be mapped. Must be in quotes
> :: rname : This variable will be set to the mapped drive letter
> ...


You call that script from another script with variables. Anytime you start a batch file or call a batch with additional parameters the input becomes %1 %2 %3 etc, etc ,etc.....
If you call _MapChk with 5 variables from some other batch file; %4 & %5 are the username and password.


----------



## scrfix (May 3, 2009)

Without knowing the drive letter, how do I accomplish the following scenario?

1. An unpartitioned drive gets put into the computer via a USB cable.
2. I would like to partition that drive automatically and assign it a letter. I understand that I can utilize diskpart for this. I can probably utilize net use * to assign the letter I am presuming.
3. I would like to copy files over to that partition in the same batch file. For this, I need to know what letter was utilized for the drive, correct? How else would that be accomplished without knowing the drive letter?

My thoughts here are: Great I can utilize net use * which by the way, I must be utilizing incorrectly because it doesn't do anything for me, but how do I start copying over to that same drive letter?

When I go into the help for net use all it tells me is that I can utilize net use *. It doesn't give me any examples or anything. I have not had time to search Google or Microsoft yet.


----------



## Squashman (Apr 4, 2003)

_Posted via Mobile Device_
you are trying to do two totally unrelated things at once.
partitioning is done locally on a computer. net use is used to map to a remote share.
you wouldn't be doing this all on one computer.
I think you are confused on what you are trying to do.


----------



## TheOutcaste (Aug 8, 2007)

*wmic logicaldisk get DeviceID
*
This lists all used drive letters, so you can determine which are free.

From within Diskpart, *List Volume* will also list all used drive letters. It won't work from the command line, so you would have to create a Diskpart script, run it and capture the output.
You'd have to do the same to determine which disk has unpartitioned space as well, so you know which disk to select to create the partition on.

Then create a Diskpart script to create the partition and assign a drive letter using the *Assign* command.

Then you can exit Diskpart and format the drive.

While you can use *Net Use* to map to a share that exists on the same PC, you can't use *Net Use* for this situation, as you would first have to create a share to map to, which requires knowing the drive letter so you can specify the path using *Net Share*.

As for the drive mapping routine, glad you asked. Going though it again I found a few of bugs, and an unneeded variable (it would always be null at that point so wasn't needed).If no username or password are passed, the variables will not be initialized, so the routine could use a pre-existing value for the _User and _Pass variables which could cause an error. 
There was no way to prompt for the password and specify using the current user by using the * rather than typing the full user name.
The loop that checks the length should start with 4, not 5. Might be able to end the loop on 25 instead of 26, but I didn't test that.​This version clears some variables first, _then_ checks to see if a user (and password) were passed. If %4 is null, then neither were passed, so it now jumps over the check for the fifth parameter.

As the usage section shows, there are three variables that _must_ be passed to the routine:


the path to be mapped
the names of two variables, one to return the drive letter, and a flag variable:
0 if the map already existed, 1 if a new map was created
 The 4th and 5th values are optional.
The Username will be Parameter 4 (%4), and the Password parameter 5 (%5)
So we first check to see if the username was supplied (%4). If a username is supplied, it creates the */user:* switch to be used latter. It then checks to see if a password was supplied.

Specifying * for the username means you will use the currently logged on user, and you can now specify * for the password so you will be prompted for the password. This could be useful in a work setting if the system is left unlocked, preventing anyone from running a script that uses this routine unless they know the password of the current user.

Specifying * for the password means you will be prompted for the password.

The Net Use command output is 4 columns: Status, Drive Letter, Remote Path, and Network Type. The Remote Path column is 25 characters wide, followed by a space, then *Microsoft Windows Network*. Paths shorter than 25 characters are padded with spaces. If the Remote path is 26 characters or longer, the Network Type column is put on the next line. The Remote Path will still have one space added to the end though.

So we check the position of the last character of the share name we are looking for. The loop starts with 4 because the shortest share name is 5 characters (\\A\B). Remember that the first character is Position 0. If the last character is Position 24 or less (length of 25 or less), the name gets padded with spaces, then the first 25 characters are extracted.
We then add a single space and a period, then the period is removed. The period is used just to make it easier to see that a space is being added, and to make sure the space doesn't get eliminated in a copy/paste.

We then do a Net Use command, pipe it to find to eliminate any shares that do not conatin the name we are looking for, then remove the Microsoft Windows Network from the end if present.
The If statement then checks to see if we have an exact match.
This is needed because the name we are looking for could be a parent folder to an existing share. Example, if we want to map to *\\Computer1\Backups* and also have maps to these:
* \\Computer1\Backups\Monday
\\Computer1\Backups\Tuesday*
Find will find them, so we need to do a check for the exact name.
If a match is found, *_PDrv* is set to the Drive letter.
If *_Pdrv* has a value after the loop completes, the routine is exited, setting the 2nd parameter to the drive letter and the 3rd parameter to the Flag value which is 0
If *_PDrv* does not have a value, then *_Flag* is set to 1, and a *Net Use* command is executed to map the share to the next available letter.

If this completes without an error, we jump back to the For loop to find the Drive Letter that was assigned. You could also capture the output of the Net Use command using a For loop and parse the output for the *Drive X: is now connected to...* part to get the Drive letter, but this wouldn't let you return the Errorlevel to the caller if there was an error without adding a bunch of extra checking.
If there is an error, it simply returns. The Errorlevel can then be checked to see if an error occured. For example, Errorlevel will be 2 if the Path can't be found (System Error 67).


----------



## scrfix (May 3, 2009)

Squashman said:


> _Posted via Mobile Device_
> I think you are confused on what you are trying to do.


Not confused as to what I want to do. Just ignorant on how to accomplish it. 

Jerry,

I think I actually have something but I am having some issues with it.
I found out that if I utilize a schtasks script in combination with a JT script (I have to include the JT.exe in the compiler however it works). The password is not 1234. I am simply utilizing that because even though I have limitblankpassworduse set to 0 it still within the command line will not let me put a NULL password. You can download JT.exe from here: ftp://ftp.microsoft.com/reskit/win2000/jt.zip (I understand that it says Win2000. I am not utilizing it for anything other than the RunOnlyIfLoggedOn property. I am not utilizing it for anything else other than that and the RunOnlyIfLoggedOn feature works.


```
schtasks /create /RU %username% /RP "1234" /SC Daily /TN "My Task" /ST 01:00:00 /TR "%userprofile%\Desktop\acb.exe"
```
and then utilize the following command in JT


```
jt /lj "%systemroot%\Tasks\My Task.job" /sj RunOnlyIfLoggedOn=1
```
I end up with an error. (This is not my question. I know how to fix the error).
It will not run because in the run portion of the schedule task there is no quotes and there are spaces. Also, in the Start In portion it only has C: (The C: in Start In doesn't make a big difference in running or not).

The Run only if logged on is checked.

Now in order to repair it, I have to go to the task properties and manually add the quotes. I don't even touch the Start In. I right click on it and run and it runs perfectly.

However, If I attempt to add quotes within the command line, it fails. Here is the code I am utilizing to add the quotes.


```
schtasks /create /RU %username% /RP "1234" /SC Daily /TN "My Task" /ST 01:00:00 /TR "\"%userprofile%\Desktop\acb.exe\""
```
and then utilize the following command in JT.


```
jt /lj "%systemroot%\Tasks\My Task.job" /sj RunOnlyIfLoggedOn=1
```
Now, when I include the escaped quotes, the Start In portion is actually correct and the quotes are around the Run portion. If I don't run the jt command and I manually select the Run Only If Logged On checkbox then the program runs with no problem. If I utilize the JT command, it checks the box but doesn't run.

I have not attempted sending username and same password with JT yet. I will be trying that as soon as I am done here. I also have not attempted to strictly make the scheduled job with just JT. I know how to load but have not gotten through the 15 pages of documentation to see how or if you can create.

I know that there is some way to get this to work because Google does it. I have attached an image to demonstrate this. I know I didn't check the run only if user is logged on and set it up as Kammi for the username.


----------



## scrfix (May 3, 2009)

Okay,

I had yet another idea. I have not been able to test this but will test later.

1. If I reset the person password to say 1234 or whatever.
2. If I then set the task with the JT scheduler and not the schtasks command and set the run only if logged on with that.
3. I then remove the persons password.

Now this would require the user to have to re set up their password but I don't see any way around this, do any of you?

This also would not work if the end user was on a domain but I am not programming for that. I am merely programming for the majority of our computers which are stand alone pc's.

What do you think? Pros/Cons? Good Idea, Bad Idea? There is a different way Wayne, do this instead it is more effecient?, etc etc etc.

The ultimate goal is to get my bat to run automatically without the necessity to worry about the change of a password.


----------



## TheOutcaste (Aug 8, 2007)

JT seems to work fine for me.
XP Pro SP2
Logged into the Administrator account.
Created a task using a folder with spaces:

```
schtasks /create /RU Jerry /RP jerry /SC Minute /mo 2 /TN "My Task" /ST 00:30:00 /TR "C:\Script Folder\test.cmd"
```
It runs every 2 minutes
test.cmd just creates a file with the date and time as the name:

```
@Echo Off
Set _File=%date:/=-%-%time::=-%.txt
>"%_File%" Echo.Time=%time%
>>"%_File%" Echo.Username=%Username%
```
File is created every 2 minutes.
Ran this command:

```
jt /lj "%systemroot%\Tasks\My Task.job" /sj RunOnlyIfLoggedOn=1
```
Waited 10 minutes, task never ran (as expected)
Logged onto Jerry account and task runs every 2 minutes.

Don't know why it's not working for you. Have you checked the Task Scheduler's log to see if it has any errors? (Open Scheduled Tasks, *Advanced | View Log*)
I didn't try setting it to not require a password. Changing the password causes the task to fail to start as you would expect, and changing it back allows it to start.

Looks like they fixed this for Vista and Win2k3, you can use the */it* switch with *schtasks* to specify *Run only if logged on*.

You're best bet is to use the System account, which needs no password, or create a separate account just for scheduled tasks. Or use the Administrator account and have them use a batch file to change the password if they need to. The batch file would then enable changing the password, change it using Net User, disable password changing, then change the password on all of the scheduled tasks.

Be aware that using *Net User* to change a password for any account but the one you are logged into is the same as reseting the password from the User Accounts applet. The user will lose access to any encrypted files and will have to import their key to regain access, or have a password reset disk to change their password to gain access to the encrypted files.
They will also lose any stored passwords for Web sites or network shares.

Changing the password back will not fix this, you have to have a password reset disk or the exported certificate and key.


----------



## scrfix (May 3, 2009)

Hi Jerry,

I too can get it to work if I know the original password. On a lot of these machines, I will not know what the password is.

Try utilizing it without the /RP or with an incorrect /RP. The set the run only if logged on.

This should work because it is supposed to no longer care what the password is but it doesn't. The box will be checked but if you attempt to right click and run the scheduled task, it will come up unable to run.

I am on a Windows 7 machine right now. I will head back to my XP machine when I get a chance and take screen shots and post them.

*Updated 09-05-09 1:03pm EST*
I cannot utilize a system account because it will not run interactively. I need it to run interactively.

Thanks for the tip on the EFS. Forgot about that. Okay changing via net user is out of the question.

I run into a lot of computers that are using the administrator account on Windows XP Professional as their current login. If I reset the password utilizing the Administrator account, I run the same risk with EFS.

I will post the log entry as soon as I get over to that computer again.


----------



## TheOutcaste (Aug 8, 2007)

Got a little tunnel vision, was focusing on getting *Run only if logged on* checked rather than how to run if the user changes their password.

*Run only if logged on* has nothing to do with the password. It's purpose is to indicate that the task is interactive and should only run when the user is logged on so they can interact with the task. It doesn't let the task run without checking the password. If the *Run only if logged on* box is checked it doesn't ask for a User name/password because it knows to use the current user's credentials, not because a password isn't needed.

Otherwise, anyone could create a scheduled task and use it to access a user's files, including encrypted files, by simply knowing their user name.
And if set to allow blank passwords that doesn't mean no password. A blank password is still a password (length of 0), and must match.

If the task needs to interact with a user, you have to know that user's password for the task to run, or schedule it using AT with the /interactive switch, which as you know no longer works on Vista. One problem with AT; if there are two or more user accounts logged on at the same time, I'm not sure how it determines which one to interact with.
It seems to pick the account that created the task if it's logged in, or picks the account alphabetically if the creator account is not logged on, but I haven't done enough testing to confirm that. It may pick the account that has been logged on the longest.


----------



## scrfix (May 3, 2009)

The AT command doesn't work across a network at all so I ran into a problem with that one when working with a mapped drive.

The run only if logged on option I know doesn't have any play on the password with the exception that it utilizes the credentials that are already utilized at logon.

Now, Google does this with no problem (see my attached pictures in one of the above posts). They have the run only if logged on checked and they set the scheduled task. There must be a way to accomplish this. They don't know my password. How do they accomplish it?


----------



## TheOutcaste (Aug 8, 2007)

OK, I think I'm on the same page now. Could have sworn I'd created a task and checked the *Run only if logged on* box and the task would fail if I changed the password. Now it seems to work just fine, but won't work if using jt.exe to set that flag.

The header info from the jt.exe file indicates it's actually from the WinNT resource kit from 1998, so I'm guessing it just doesn't set things correctly for XP. It also doesn't set the *Log on as a batch job* User Right that is set by schtasks.exe or the GUI.

From what I can find, on XP the only way to do it is using C/C++ and use the COM+ API functions, or check the box using the GUI.

Some links to info:
http://msdn.microsoft.com/en-us/library/aa381276(VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa381283(VS.85).aspx

And code examples:

http://msdn.microsoft.com/en-us/library/aa383579(VS.85).aspx


----------



## scrfix (May 3, 2009)

Jerry,

I did not see that you posted. Thank you for that. I will look into that. I am getting into season now so I will be busy until April when I will hit this again. I will in my spare time look into programming it in C++. I can program command line C++ but never attempted GUI and it has been a little while for it. Time to brush up on my C++. I have no clue how you found that. I looked everywhere.

Thanks,


----------



## scrfix (May 3, 2009)

Jerry,

As far as not setting the Log on as a batch job User Right that is set by schtasks.exe or the GUI, is there a way to manually set this? Perhaps this is the problem?

Where do I check that at if I want to test?

Try this.

1. Set the task as described above with JT. You will see it doesn't set the log on as batch job user right as you described.

2. Now, open the task manager job, manually browse to that same file in the same location as what was set, then click OK. Now the program works. Is the log on as batch job user right set now?

*Updated 9:58am*
*October 19th, 2009*
I found a NSIS installer creator program that calls on the task scheduler itaskscheduler COM and sets the run only if logged on and the same thing happens as the JT.exe. It creates it no problem, it checks the box and nothing else happens.

http://nsis.sourceforge.net/Download: Download the software
http://nsis.sourceforge.net/Category:Tutorials: Basic Tutorials
http://nsis.sourceforge.net/Scheduled_Tasks: The code for scheduled tasks

I have attached my code for testing a bat file.
I have already included the code for checking the box.
I have already changed the code to work with the folder and the test.bat file I have enclosed.

Install NSIS
Place the testbats folder in your root C drive.
Load the task-scheduler-test.nsi file into NSIS
It will spit out an exe file
Run the exe

The exe will have the box checked but will not run until you manually browse to the location of the file and then click OK. What is the difference? Perhaps that user right you mentioned?


----------



## scrfix (May 3, 2009)

Well,

I have not been able to resolve the issue but I did create a work-a-round for it. I also ran into yet another snag. Windows XP Home edition does not natively have schtasks. I just found that out when I create a batch to create the scheduled task and had to run it on XP Home. It wouldn't run... ahhhhhhh Back to the drawing board.

Be advised to whomever is reading this that this work-a-round is a dirty work-a-round but it works and after months of deliberation, short of contacting MS themselves, it is the best I could come up with.

So I am now back to where I began. Here is what I did. I created a Macro utilizing the Jitbit Macro Recorder.

You can always copy the schtasks from XP Pro to XP Home but that would violate the MS copyright. Not wanting to take on the big dogs I found a different way.

So now I know that I cannot utilize schtasks for this task because of XP Home so I will have to attempt to make JT.exe work.

1. JT.exe is a freely downloaded task scheduling program that can be redistrubited to computers with the EULA agreement in tact. I think there is a copy of it in one of these posts. If not, MS has it available for download. Just search Google.

Example for utilizing JT.exe. The below example will schedule a task named *My Scheduled Task Name* to start at 1am today and run daily. It provides the pathway to the file and the working directory to the file. It tells it to start even if it is on batteries. It provides a MAX Runtime in milliseconds and most important It does NOT check the run only if logged on box. This cannot be checked yet UNLESS you know the persons username and password. It also does not autostart the job immediately.

jt /SAJ "My Scheduled Task Name.job" /CTJ StartTime=01:00 StartDate=TODAY type=Daily typearguments=1 /sj ApplicationName="C:\PATHWAY TO MY FILE I WANT TO RUN\MYFILE.exe" WorkingDirectory="C:\PATHWAY TO MY FILE I WANT TO RUN" DontStartIfOnBatteries=0 MaxRunTime=259200000 RunOnlyIfLoggedOn=0 /sc "%userdomain%\%username%" PASSWORDHERE /SM ""

2. I created a Macro with the jitbit Macro recorder utilizing only keys to get to the scheduled tasks, open up the correct scheduled task and then manually check the Run Only If Logged On box. JitBit compiles to an EXE and will run on any machine. I now run the macro and it checks the run only box and now the scheduled task will run properly even if you do not know the users credentials.

You can access the scheduled tasks easily by utilizing
Press and Release Windows Key+R (This will bring up the Windows Run Dialogue Box)
Type control schedtasks (Then press ENTER. This will bring up the scheduled tasks window and automatically close the Run Dialogue box)
Type out the name of your scheduled task (Then press ENTER. This will ensure that you are on your scheduled task and then open the properties window for you)
Press and Release ALT+L (This will check the box then press ENTER to save that change and close the Window.)

Jitbit has options to wait for a Window to open before proceeding and to close windows. It is a rather nice program.

I am sure there is another way because Symantec and Google both seem to be able to check that box without having to go through this and without needing my credentials but I will be damned if I can find it. I have consulted with tons of people for months and months searching for an answer.


----------



## Squashman (Apr 4, 2003)

There is an API for scheduling Tasks. Which is how Google and Symantec do it. So you would actually have to learn a C++ or some other language that can communicate with the API.


----------



## scrfix (May 3, 2009)

Squashman,

If you look at my above post prior to that one you will see that I have been down that road. NSIS utilizes the API call. It does the same thing as the JT.exe.

1. It creates the task no problem.
2. It checks the run only box with no problem.
3. The task doesn't run. I can only presume it is because of what Jerry mentioned before about the logon as batch user right not being set. I don't know how to check that so I could not verify and I did not hear back from him when I asked above.


----------



## Squashman (Apr 4, 2003)

Sometimes you just need to keep things simple.
I think it is amazing some of the things you do for your customers but sometimes less is more.

Educating your customers on how to do things themselves can go a long way. If you charged them per hour for all the time to develop these scripts, plus paid everyone here who helped you develop that script they may think twice about asking you to do what you are doing.

I am all for automating things as long as it is a simple and easily implemented solution. But, when you have to "Jerry" rig something...(no pun intended), it ends up snowballing into an even larger Hodge-podge of fixes and patches to the point of having so much tape on it, it fails and then nobody knows how to fix it.


----------



## scrfix (May 3, 2009)

I agree with keeping things simple however I also don't give up with a given task just because it is hard to do. I am the type of person that keeps at something no matter what blockage is thrown in the way.

Make no mistake, this is not just for clients. This is for the technicians and myself as well. Technicians tend to make mistakes when working with clients computers even with proper protocols in place, especially if they are new technicians that are not yet aware of the protocols in place. Anything that I can do to automate a task so that I am not liable for a technicians mistake is well worth the time I spend on it.

I don't think that I would utilize the term "rig" with Jerrys programming. Jerry obviously has skills that supercede my own and I am very grateful that he actually takes his time to help myself and other like me.

Educating customers sounds like a good approach however in actual reality it takes unnecessary time away from the technicians, myself and leaves open room for a now newly supported object because we taught it to them. All of the studying and research that I have done pertaining to this project has been in my spare time. As previously mentioned, if I can learn it I will.

I have thus far learned from this endeavor that:

1. schtasks is not available on XP Home.

2. JT.exe does not support the logon as batch user right if you do not enter a username and password.

3. The API function still does not allow the scheduled task to run properly unless you know the credentials even if you utilize the checkbox.

4. AT.exe will create a task and run automatically under the System only. It will not transfer over a mapped drive.

5. AT.exe does not have the capability of changing its name or many other desired functions so it is for all intents and purposes for this project it is a deprecated program as comparison to schtasks.exe or jt.exe.

6. Many 1000's of other people are looking for a solution to this issue just like me and have not found one.

7. Legally, you cannot just transfer over schtasks from one OS to another.

8. If you utilize any of those combination of the above programs in an attempt to check the run only checkbox, without the proper credentials, the box may check but the task still does not run properly.

9. If you utilize any of the combination to make the scheduled task and then utilize a Macro to check the box as described above, the task will run properly.

10. There are a number of other smaller items not listed here that I have learned from this as well. I would not consider learning anything a waste of time.

As far as payment, once again I agree with you however I am once again grateful for people such as Jerry, myself and everyone else that help others out without reservation.

As far as I can tell, with the help of everyone that has interacted with this project I am the first one to put a work-a-round out for this. There are 3 items out there that claim to be able to accomplish this task but I have attempted 2 out of the 3 and end up with the same issue; it doesn't run the task. The third one is a python conversion script however there was no place to download it and no examples to work with in order to get it working.

I have yet to attempt my Macro not running interactively. Perhaps I can run it hidden and then it becomes a better a work-a-round. I just don't like the fact that it takes the 3 seconds and actually shows the user what is happening. I would rather it didn't. If I run the EXE with no interaction perhaps it will not show it and give the appearance that I am looking for. 

I thank everyone that has helped with this project.


----------



## Squashman (Apr 4, 2003)

Maybe you can look into using CRON for Windows. It may solve your issue but may also open up a whole new set of problems. There is a couple of different implementations of CRON for Windows out there. For all I know there may be a better Task Scheduler daemon out there then what Windows has.

If you were on a Unix system you would not have these problems with scheduling tasks. CRON just works. I am not sure if it works the same way as it does in Unix on Windows. You would have to test it.

Here are a couple of different ones you could try.
http://www.nncron.ru/
http://www.cronforwindows.com/
http://www.z-cron.com/scheduler.html
http://cronw.sourceforge.net/

This also looked interesting. But probably isn't going to work for what you want to do.
http://www.snapfiles.com/reviews/Karenonceaday/karenonceaday.html


----------



## scrfix (May 3, 2009)

Squashman,

Thanks for the wincron idea. I researched that avenue prior to researching the schtasks, jt, at avenue.

The programs need to be installed onto the comptuer. I don't have access to install software on every computer I am working with. 

Although off the subject with this new discovery of NSIS, this program is designed to be a windows installer and install other programs automatically. This programmed opened up a whole new world to me. There is a security pack I intall for my clients which includes 5 different pieces of software. If I can program them to install automatically... that would be wonderful.


----------



## TheOutcaste (Aug 8, 2007)

scrfix said:


> 3. The task doesn't run. I can only presume it is because of what Jerry mentioned before about the logon as batch user right not being set. I don't know how to check that so I could not verify and I did not hear back from him when I asked above.


Sorry about that, overlooked that post somehow. You can set that right using *ntrights.exe*, from the Server 2003 Resource kit.
The built-in help doesn't list that right as one it supports, but this KB article does.

I haven't had any luck with it though. I monitored the registry while creating a task, and lsass.exe does set that right in the Security data base when a task is created, and that change was noted in the Event Viewer. That's the only rights change noted.
*ntrights* also adds the right as evidenced by the Event Viewer.

Doesn't seem to make a difference unless you use the correct password for the account. SchTasks in XP sets the credentials, it doesn't have the switch that Vista does that sets the flag to use the current credentials.

Only way I can see to do it on XP is to program it some flavor of C or .net so you can call the Windows API. That would also solve the problem of *schtasks.exe* not being included in XP Home.

I still don't see why you can't just create a user to use for running scheduled tasks. You can hide it from the end user fairly well so it's not likely to be deleted. Then you would know the password, and wouldn't have to worry about the credentials.

The following will do just that.


Creates a *ScheduledTasks* folder under *Windows\System32*
Creates a User Profile folder named *TaskAccount* under *Windows\System32\ScheduledTasks*
Hides these two folders
Since we are creating the folder first, the folder will be empty. You can put the folder anyplace to hide it
I chose *Windows\System32\ScheduledTasks* as an example
It creates the user *TaskAccount*
Hides the user from the Welcome screen and User Accounts control panel.
This also prevents the Administrator account from vanishing from the Welcome screen if it's the only account.
Creates the task
Assigns the batch logon rights

The User account will not appear on the Welcome screen or in User Accounts.
It does appear in *control userpasswords2* and in the *Local Users and Groups* snap in, as well as in the output of *Net User*.
This could use some more error checking, as it doesn't check to see if the account already exists. The password is in plain text; can't really hide it in a batch file, but you can obfuscate it quite a bit. But adding an echo statement would display it.

```
Set _Username=TaskAccount
Set _UserPass=Password
Set _ProPath=%SystemRoot%\System32\ScheduledTasks\%_Username%
If Not Exist "%_ProPath%" (
  md "%_ProPath%"
  Attrib +h +s "%_ProPath%"
  Attrib +h +s "%_ProPath%..\"
)
Net User |Findstr /I "%_Username%"
If %Errorlevel%==1 (
  Net User %_Username% %_UserPass% /add /profilepath:"%_ProPath%" /passwordreq:yes /passwordchg:no /fullname:"DO NOT DELETE - Scheduled Tasks Account."
  Net LocalGroup Administrators %_Username% /add
  Net LocalGroup Users %_Username% /Delete
  Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /V %_Username% /T REG_DWORD /D 0 /F
)
schtasks /create /RU %_Username% /RP %_Userpass% /SC Minute /mo 1 /TN "My Task" /ST 00:30:00 /TR "\"C:\Script Folder\test.cmd\""
ntrights -U %_Username% +R SeBatchLogonRight
```
The NSIS script you posted looks promising. Haven't had time to look at it yet, but it's already using the *ITask* and *ITaskTrigger* calls, so should be easy to add the *IScheduledWorkItem::SetFlags* and *IScheduledWorkItem::SetAccountInformation* bits to set the *Run only if logged on flag* and be able to forgo entering the password.
Looks like the GUID for *IScheduledWorkItem* is A6B952F0-A4B1-11D0-997D-00AA006887EC, found that here

Looks like a .NET library for Visual Studio can be found here
A New Task Scheduler Class Library for .NET


----------



## scrfix (May 3, 2009)

Hi Jerry,

The reason I did not want to go with creating a separate username is because it could be seen and removed from control userpasswords2. I also did not want the password being changed from there.

However I did look down that road when you mentioned it before. I found out that I can stop someone from changing their password with: net user username /passwordchg:no
I could not find a way to stop them from deleting the username other than putting in "TaskScheduler - Do Not Delete" as the username.
As far as the plain text password; for this particular application I wouldn't care about that.

I found that library earlier and read over that. Unfortunately, the original article that has all of the details is not available and when I signed up for an account and went to download the zip files, they were not available. I wrote to the writer of the article and never heard anything back. I did try to figure stuff out but hit a dead end with that one.

As far as the API call, NSIS utilizes the API call.
The NSIS is so easy to read and use. It took me less than 1/2 hour to read through some examples and figure out how to program that thing. However once again, I hit a dead end. It created the task, it set the checkbox, the task did not run. If I created the task and then utilized that Macro to check the checkbox then it ran perfectly however at that point in time, I could just utilize schtasks.exe to create the task and then utilize the Macro to check the checkbox and not need NSIS other than if I want an extremely nice installer package which I don't need nor want for this application. Other applications however that NSIS is awesome!

I found that pinvoke.net page as well however the warning detoured me away from attempting anything. I could not find any examples to work with so that led me to a dead end. I did not realize however that NSIS utilized that.

Warning: Part of the Task Scheduler 1.0 Interfaces, which consists of IEnumWorkItems, ITask, ITaskScheduler, ITaskTrigger and IScheduledWorkItem. Generally this is useless - use ITask (which inherits from IScheduledWorkItem) instead. Not all methods have been tested, so be careful!

Perhaps that warning is why NSIS doesn't work.

I will attempt your method of creating another username. I would rather have this working within the same username however I believe that this method is probably one step above the Macro method. I didn't like that method unless it can be hidden. However it is pretty solid. I have tested it on around 10 machines thus far with all success.

I found out that if I utilize the jt.exe instead of schtasks.exe that resolves the xp home issue as well. The working method thus far is utilizing the jt.exe to create the task and then utilizing the macro to check the checkbox. The task will run inside the username. It is not the best method but it works.

I will attempt to work with the method you have provided this weekend.

Thanks Jerry.


----------



## Squashman (Apr 4, 2003)

Yeah, but how many people really know about control userpasswords2. Most people are not going to even know it exists.


----------

