# Solved: Schtasks -- upated and not working



## wisdum (Dec 1, 2005)

I have been using the Schtasks command for awhile now and i think windows has updated this command and now i can't make it work.

I use 2k3 server with xp pro clients, we have used this command to create a scheduled maintenance cycle for all of our domain clients; except now it wont work. I get an "Access Denied" error. Even if i use the admin account and password.

Has anyone else come across this?

thanks

wisdum


----------



## StumpedTechy (Jul 7, 2004)

Is your error something like this? Can you give us the whole error?

http://support.microsoft.com/default.aspx?scid=kb;en-us;884573


----------



## wisdum (Dec 1, 2005)

Stumped:

Thanks again for you help! That is it! This is the problem i have been having...

thanks again

wis


----------



## wisdum (Dec 1, 2005)

Alright, 

I tried the "workaround" micr0$oft fix (Access this computer from the network - policy setting) and it still does not work. 

I did notice, however, that their isn't a true error message. It simply says: "ERROR: Access is Denied." The permissions work, and everything should be fine their, but it still doesn't work.

anyone?

wis


----------



## wisdum (Dec 1, 2005)

Alright, 

I have been working on it and now im getting a different error message:

ERROR: Passing the user credential on local connection

any ideas?

wis


----------



## StumpedTechy (Jul 7, 2004)

Can you post the lineS your trying?


----------



## wisdum (Dec 1, 2005)

Alright, here it is: (I left out the authentication... )

schtasks /create /TN Spybot /U ****** /P ******* /S %COMPUTERNAME% /SC daily /ST 05:00:00 /TR "C:\Progra~1\Spybot\SpybotSD.exe /taskbarhide /autoupdate /autoimmunize /autocheck /autofix /autoclose"

wis


----------



## StumpedTechy (Jul 7, 2004)

Okay it has to do with syntax somehow. I got the same error on my setup when I copied it and put in my user account information. I am not used to command line configuring but this does work on mine -

schtasks /create /TN Spybot /SC daily /ST 05:00:00 /TR "C:\Progra~1\Spybot\SpybotSD.exe /taskbarhide /autoupdate /auto immunize /autocheck /autofix /autoclose" /ru Domain\user /rp password

I am assuming since you have %computername% its pulling from the local computer which this command would then not need.....

I just checked my scheduled tasks and its there wanting to run as a domain admin.


----------



## wisdum (Dec 1, 2005)

Alright,

Ive been doing some more work on this project..

I have noticed that even with a domain admin account (/RU, /RP) it still doesn't work. I did recieve a false-positive though; if the user logging on is in the admin group, the script will schedule it and it will work... 

the break down:

The /RU and /RP switches tells the scheduler who has authority to run the task, it does not create the tast based on that user though. I.e. when a non-admin logs on and the script runs, it is created under that user's profile (with credentials of the admin account to run the task). If the user is not permitted to create the scheduled task, it will fail. It will create the task, but it will be unable to run... weird... oh, and microsoft admitted to breaking it with a recent update... 

So, this puts us in a little better place to find a solution. 

Stumped, im guessing it worked on your computer because you are an administrator... so you have permission to create the tasks, and then your specified account (/ru /rp) is the one that runs it.

Thanks for everyone's help, but this problem is not fixed....yet..

wis


----------



## StumpedTechy (Jul 7, 2004)

scheduled tasks are user based? I thought once it was scheduled no matter who has scheduled it that this task will run? Why not do some kind of runas command and have it scheduled by an admin account and then have the /ru and rp switches to get it to run with the user not having admin rights?


----------



## wisdum (Dec 1, 2005)

I thought about the runas command except that it prompts you for a password... im sure you see the problem there.

So, if it is possible to do a runas with an automated password (which it specifically says not to do) then that will work.

When a user on our network logs on, a batch file is ran that schedules the task. However, that task is created by the user that logs on. The /ru and /rp are the authentication for the tasks when it actually does run. That is why our admins show it as working (because they can schedule the task) and it runs properly because of the admin account that runs it (/ru /rp). 

This sucks, why did micr0$haft have to break schtasks... this worked fine a few months ago!

grrrrrr

wis


----------



## wisdum (Dec 1, 2005)

Oh, i forgot, when the users log on the task is created and it shows the creator/owner as the individual user that just logged on...


----------



## StumpedTechy (Jul 7, 2004)

Why not do it in a startup script instead of a logon script? This puts it under the machines admin account. THis also makes runas moot.


----------



## wisdum (Dec 1, 2005)

w00t!

It worked, thanks a bunch stumped, you have been a big help, as usual!

thanks again!


----------



## StumpedTechy (Jul 7, 2004)

Whew glad my brain cells had extra thinking juice left in them  :up:


----------



## wisdum (Dec 1, 2005)

Cool

This is opening up a wide variety of options now. I realize that vbscript can all that i want and far more.. but call me old school (i love batch files!)

Now, to create a batch that will copy the spybot logs to the server for review.... 

Stumped, im sure ill need your help soon enough!

Thanks again!

wis


----------



## wisdum (Dec 1, 2005)

Well, once again im sure their is an "easier" or "better" way to do this with a vbScript... however im old school:

In Scheduled Tasks, where does it actually save the .job files? I can see in the log that it is running the task 'spybot.job' but that file is not on my computer. I have tried to search with Search System Files, Search Hidden Files/folders and Search Subfolders all enabled and it still does not bring anything up.

Is this something that is just a registry key, and not an actual file? 

The reason i want to find the file involves my script running an IF NOT EXIST where it looks for the job, if it doesn't exist, it schedules it.. pretty simple except i can't find the stupid files...

wis


----------



## StumpedTechy (Jul 7, 2004)

Okay now your asking the easy stuff -

Jobs can be seen 2 ways -

Start -> All Programs -> Accessories -> System Tools -> Scheduled Tasks
OR
Start -> Run -> \\Remote computer name -> Scheduled Tasks

They are kept in C:\windows\tasks and are *.job files.


----------



## wisdum (Dec 1, 2005)

Thanks again Stumped... i really apprecaite all your help. I have compiled a small batch script and i thought i would share it with everyone incase they want to do something similar...

I left out the authentication... 

echo off
REM Computer Startup Script
REM Written by Andy -- Wisdum
REM V1.1


REM Enables Remote Desktop
reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

REM copy Shortcut to desktop from share on server
REM copy /Y \\cccs-xan.watchwest\SysVol\cccs-xan.watchwest\Policies\{686578E5-BA69-4DBB-B2A3-21DBB153D7EA}\User\Scripts\Logon\WatchServerShares.lnk "%userprofile%\desktop\"
REM copy /Y \\cccs-xan.watchwest\SysVol\cccs-xan.watchwest\Policies\{686578E5-BA69-4DBB-B2A3-21DBB153D7EA}\User\Scripts\Logon\WATCh_PUBLIC_SHARE.lnk "%userprofile%\desktop\"



REM ------------------------------------------------------------------------------------
REM --------------------------------Schedule Section------------------------------------
REM ------------------------------------------------------------------------------------
REM -------------------------------------Start------------------------------------------

REM Autologoff user at 1:00 AM
IF NOT EXIST "%SYSTEMDRIVE%"\WINDOWS\TASKS\autologoff.job. (schtasks /create /TN autologoff /RU ******/RP *******/SC daily /ST 01:00:00 /TR "%SystemRoot%"\System32\logoff.exe.)

REM Schedule reboot
IF NOT EXIST "%SYSTEMDRIVE%"\WINDOWS\TASKS\autoreboot.job. (schtasks /create /TN autoreboot /RU *****/RP ********/SC daily /ST 05:00:00 /TR "%SystemRoot%"\System32\shutdown.exe -r -t 60.) 

REM Schedule Spybot Scan
IF NOT EXIST "%SYSTEMDRIVE%"\WINDOWS\TASKS\spybot.job. (schtasks /create /TN Spybot /RU **** /RP ******/SC daily /ST 05:20:00 /TR "C:\Progra~1\Spybot\SpybotSD.exe /taskbarhide /autoupdate /autoimmunize /autocheck /autofix /autoclose".)

REM Schedule Spybot Log Backup
IF NOT EXIST \\192.168.1.254\Logs\spybot\"%COMPUTERNAME%". (mkdir \\192.168.1.254\Logs\Spybot\"%COMPUTERNAME%".)
IF NOT EXIST "%SYSTEMDRIVE%"\WINDOWS\TASKS\spybotbackup.job. (schtasks /create /TN spybotbackup /RU ******/RP ****** /SC daily /ST 05:55:00 /TR \\192.168.1.254\Logs\spybot\spybotbackup.bat.)

REM Schedules Defrag
IF NOT EXIST "%SYSTEMDRIVE%"\WINDOWS\TASKS\defrag.job. (schtasks /create /TN defrag /RU **** /RP ***** /SC daily /ST 01:00:00 /TR "defrag %systemdrive%".)

REM -------------------------------------------------------------------------------------
REM -------------------------------------End of Schedule Section-------------------------
REM -------------------------------------------------------------------------------------


This uses a spybot.msi that i created... but yeah, i think it is pretty self explanitory. Oh, and the defragger is really handy to take that task from the users (who are stupid) and have it automated.

Im sure their is a better way to do it than this...but hey, why not. The only problem that i see with this is a clear text username and password of a limited administrative account. With echo off it wont show to the user, but if someone knew what was going on and had a packet sniffer im sure they could compromise the credentials...

Anyone have any comments on this or suggestions?

wisdum


----------



## wisdum (Dec 1, 2005)

I guess i should have mentioned that the following line runs a batch on an open share on the server that simply copies the spybot logs to the server in a folder that is the same name as the computer (%COMPUTERNAME%)... just to clear things up.

IF NOT EXIST "%SYSTEMDRIVE%"\WINDOWS\TASKS\spybotbackup.job. (schtasks /create /TN spybotbackup /RU ******/RP ****** /SC daily /ST 05:55:00 /TR \\192.168.1.254\Logs\spybot\spybotbackup.bat.)

this simply schedules the other batch that copies the files to run... a nice, centralized backup of the spybot logs on the server.

wis


----------



## dvdo (Jun 24, 2007)

Use PSEXEC (SysInternals tool [owned by Microsoft]) as follows:

psexec \\hostname schtasks /create /sc weekly /mo 2 /st 21:00:00 /tn "Sync Tool" /tr "C:\Temp\Tools\sync.BAT" /ru "System"

I was researching this for a project and came up with this.


----------



## dvdo (Jun 24, 2007)

Btw, EULA acceptance is required by MS and these REG commands will bypass EULA prompt:

REG ADD "HKCU\Software\Sysinternals" /f
REG ADD "HKCU\Software\Sysinternals\PsExec" /f
REG ADD "HKCU\Software\Sysinternals\PsExec" /v "EulaAccepted" /t REG_DWORD /d 1 /f


----------



## wisdum (Dec 1, 2005)

I have never noticed psexec having a EULA. That is a first for me. How does it affect it? I haven't noticed it not working... are those keys required?

wis

PS. This thread was a great help and i have been using the knowledge from it on my network for a year now.


----------



## dvdo (Jun 24, 2007)

That EULA has been required since Microsoft's acquisition of SysInternals. The older versions of their tools may not have the EULA acceptance, but most of the newer ones do. It should not affect their use, so long and you have the above REG keys in queue/merged.


----------



## wisdum (Dec 1, 2005)

Ahh, mine is an old copy ive had for a long time... im sure that is why it worked.

thanks for the update!


----------



## vmbriggs (Aug 3, 2007)

I've been having this same problem for weeks...Tried everything, even running the .bat as a startup script, but it still applied user credentials. If I put it only in the computer part of the policy, it did not create at all.


----------



## wisdum (Dec 1, 2005)

Awhile back Microsoft released an update that broke schtasks. I have never been able to get it to work like that again. This is unofficially now unsolved again.... has anyone been able to make this work recently? I think the update came out some time this last winter.

wis


----------



## vmbriggs (Aug 3, 2007)

I had read a few places that the recent change MS made in the task schedule is to limit the cache that it uses when creating a task. I had originally had a login script that tried to schedule 2 seperate tasks. I found that if I limit it to one, and wait at least 10-15 minutes before trying to schedule another, then the work fine.


----------



## wisdum (Dec 1, 2005)

wow, that sucks

I will try that out i guess.


----------

