Question:
I am trying to make a PowerShell script to create a scheduled task to run a command on demand. The following is the code I have thus far.
```powershell
$taskName = "TestTask"
$taskPath = "\"   # value truncated on the page; the root task folder "\" is assumed here
$user = "$env:USERDOMAIN\$env:USERNAME"
# Prompt for the password without echoing it
$response = Read-Host "What's your password?" -AsSecureString
# Convert the SecureString back to plain text, because -Password takes a string
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($response))
$action = New-ScheduledTaskAction -Execute "task.cmd"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8
$principal = New-ScheduledTaskPrincipal -UserId Administrator -LogonType S4U -RunLevel Highest
$inputObject = New-ScheduledTask -Action $action -Principal $principal -Settings $settings
# Registering with -User and -Password is what this version of the script does
Register-ScheduledTask -TaskName $taskName -TaskPath $taskPath -InputObject $inputObject -User $user -Password $password
```
This works well to set up the task. The only thing I am looking for is to be able to run the task from any user in the admin group while the Administrator (who the task is run as) is not logged in, and I don’t want to store the password. When I set up a task through the GUI I can select the button to run whether the user is logged in or not, which the above code achieves. But it won’t check the box to say do not store the password. When I run the following command in PowerShell to look at the properties of the created task, the output is as follows:
```
get-scheduledtask testtask | select -ExpandProperty principal

DisplayName         :
GroupId             :
Id                  : Author
LogonType           : Password
RunLevel            : Highest
UserId              : WIN-REH2TQO7H7S\Administrator
ProcessTokenSidType : Default
RequiredPrivilege   :
PSComputerName      :
```
If I run the same command on a task I created through the GUI with the don’t save password check I get the following
```
get-scheduledtask testtask | select -ExpandProperty principal

DisplayName         :
GroupId             :
Id                  : Author
LogonType           : S4U
RunLevel            : Highest
UserId              : WIN-REH2TQO7H7S\Administrator
ProcessTokenSidType : Default
RequiredPrivilege   :
PSComputerName      :
```
The only difference I have found is LogonType being S4U vs. Password. So in my PowerShell I added
```powershell
$principal = New-ScheduledTaskPrincipal -UserId Administrator -LogonType S4U -RunLevel Highest
```
But even with the LogonType set to S4U in the code, it still sets it to Password when it creates it. I can go into the GUI and physically change the task after the PowerShell code runs and check that box, at which point it is set correctly. But does anyone have any idea as to why the code won't do it? Or if I missed something?
Thanks for any help you can provide,
Mack.
Answer:
I was looking for a similar thing, using the local admin account with ‘Do not store password’ enabled. Your post got me on the right track and mine now works.
Try this instead:
```powershell
Register-ScheduledTask -TaskName $taskName -TaskPath $taskPath -InputObject $inputObject
```
If that fails, try putting the principal in the line and take it out of the InputObject:
```powershell
Register-ScheduledTask -TaskName $taskName -Action $action -Principal $Principal
```
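The fix from this thread as a complete script, added here as an example and not code from either poster: it registers the task without `-User`/`-Password`, reads the principal back to confirm the stored LogonType is S4U, and lists any other tasks that still rely on a stored password. The function names `Register-S4UTask` and `Get-StoredPasswordTask` and the `\` task path are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names and the '\' task path are assumptions;
# "TestTask", "task.cmd" and the cmdlet parameters come from the thread.

function Register-S4UTask {
    param(
        [string]$TaskName = 'TestTask',
        [string]$TaskPath = '\',            # assumed: root task folder
        [string]$Execute  = 'task.cmd',
        [string]$UserId   = 'Administrator'
    )

    $action    = New-ScheduledTaskAction -Execute $Execute
    $settings  = New-ScheduledTaskSettingsSet -Compatibility Win8
    $principal = New-ScheduledTaskPrincipal -UserId $UserId -LogonType S4U -RunLevel Highest
    $task      = New-ScheduledTask -Action $action -Principal $principal -Settings $settings

    # No -User / -Password: with them the principal came back as LogonType
    # Password in the question, and no plain-text password is handled at all.
    Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -InputObject $task -Force | Out-Null

    # Read the task back and check what was actually stored, not what was requested.
    $stored = Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath
    if ("$($stored.Principal.LogonType)" -ne 'S4U') {
        Unregister-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Confirm:$false
        throw "Task '$TaskName' was stored with LogonType $($stored.Principal.LogonType), expected S4U; task removed."
    }
    $stored.Principal | Select-Object UserId, LogonType, RunLevel
}

function Get-StoredPasswordTask {
    # Audit helper: tasks whose principal still depends on a stored password.
    Get-ScheduledTask |
        Where-Object { "$($_.Principal.LogonType)" -eq 'Password' } |
        Select-Object TaskPath, TaskName,
            @{ Name = 'UserId';   Expression = { $_.Principal.UserId } },
            @{ Name = 'RunLevel'; Expression = { $_.Principal.RunLevel } }
}

Register-S4UTask
Get-StoredPasswordTask | Format-Table -AutoSize
```

A task registered this way has no stored credentials, so it only has access to local computer resources.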