Scheduled Task Won't Run Under Limited User

  • Thread starter Thread starter K
  • Start date Start date
K

K

Guest
I have a few workgroup machines which I cannot for various reasons join to
the domain.

I have set up 2 scheduled tasks to perform a number of actions at user
logon. These tasks run as administrator and so can perform the relevant
actions.

They show in Scheduled Tasks and run fine when the administrator logs in,
however when a normal user (limited user) logs in, they can neither see the
tasks exist nor do they run.

What do I need to do to get around this problem?

Thank you
 
Re: Scheduled Task Won't Run Under Limited User


"K" <nospam@nospam.com> wrote in message
news:u%23beS8D2IHA.4004@TK2MSFTNGP03.phx.gbl...
>I have a few workgroup machines which I cannot for various reasons join to
>the domain.
>
> I have set up 2 scheduled tasks to perform a number of actions at user
> logon. These tasks run as administrator and so can perform the relevant
> actions.
>
> They show in Scheduled Tasks and run fine when the administrator logs in,
> however when a normal user (limited user) logs in, they can neither see
> the tasks exist nor do they run.
>
> What do I need to do to get around this problem?
>
> Thank you

There is a conceptual problem here. If your logon script elevates
the user's privilege to that of an administrator then a computer-savvy
user can tap into this script and do whatever he pleases. You might
as well make him an administrator.

Creating a task under the account of the Administrator won't do
the trick, because this task will only run when the administrator
logs on.

What are the actions that require administrative privileges? Can't
you implement them through Group Policy?
 
Re: Scheduled Task Won't Run Under Limited User

"Pegasus (MVP)" <I.can@fly.com.oz> wrote in message
news:O7o8kDE2IHA.1772@TK2MSFTNGP03.phx.gbl...
>
> "K" <nospam@nospam.com> wrote in message
> news:u%23beS8D2IHA.4004@TK2MSFTNGP03.phx.gbl...
>>I have a few workgroup machines which I cannot for various reasons join to
>>the domain.
>>
>> I have set up 2 scheduled tasks to perform a number of actions at user
>> logon. These tasks run as administrator and so can perform the relevant
>> actions.
>>
>> They show in Scheduled Tasks and run fine when the administrator logs in,
>> however when a normal user (limited user) logs in, they can neither see
>> the tasks exist nor do they run.
>>
>> What do I need to do to get around this problem?
>>
>> Thank you
>
> There is a conceptual problem here. If your logon script elevates
> the user's privilege to that of an administrator then a computer-savvy
> user can tap into this script and do whatever he pleases. You might
> as well make him an administrator.
>
> Creating a task under the account of the Administrator won't do
> the trick, because this task will only run when the administrator
> logs on.
>
> What are the actions that require administrative privileges? Can't
> you implement them through Group Policy?

They are workgroup machines so GPO not an option and local policy will be
far too time consuming to implement.

The user logs on as themselves and the scheduled task (which is set to kick
in at user logon) runs using the admin account. The script performs a
number of audit actions and then FTP's the data back to head office. The
actual scripts are secured on the DACL to admin only so the user cannot
tamper with them.

This DOES work on some machines. The scheduled tasks both show up and run
whether user or admin logs in. There are as described though a number of
problematic machines where the scheduled tasks were created under the admin
account and are not visible (therefore do not run) under the user account.

How can I make all tasks visible to all users?
 
Re: Scheduled Task Won't Run Under Limited User


"K" <nospam@nospam.com> wrote in message
news:O%23xcpGE2IHA.528@TK2MSFTNGP02.phx.gbl...
> "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message
> news:O7o8kDE2IHA.1772@TK2MSFTNGP03.phx.gbl...
>>
>> "K" <nospam@nospam.com> wrote in message
>> news:u%23beS8D2IHA.4004@TK2MSFTNGP03.phx.gbl...
>>>I have a few workgroup machines which I cannot for various reasons join
>>>to the domain.
>>>
>>> I have set up 2 scheduled tasks to perform a number of actions at user
>>> logon. These tasks run as administrator and so can perform the relevant
>>> actions.
>>>
>>> They show in Scheduled Tasks and run fine when the administrator logs
>>> in, however when a normal user (limited user) logs in, they can neither
>>> see the tasks exist nor do they run.
>>>
>>> What do I need to do to get around this problem?
>>>
>>> Thank you
>>
>> There is a conceptual problem here. If your logon script elevates
>> the user's privilege to that of an administrator then a computer-savvy
>> user can tap into this script and do whatever he pleases. You might
>> as well make him an administrator.
>>
>> Creating a task under the account of the Administrator won't do
>> the trick, because this task will only run when the administrator
>> logs on.
>>
>> What are the actions that require administrative privileges? Can't
>> you implement them through Group Policy?
>
> They are workgroup machines so GPO not an option and local policy will be
> far too time consuming to implement.
>
> The user logs on as themselves and the scheduled task (which is set to
> kick in at user logon) runs using the admin account. The script performs
> a number of audit actions and then FTP's the data back to head office.
> The actual scripts are secured on the DACL to admin only so the user
> cannot tamper with them.
>
> This DOES work on some machines. The scheduled tasks both show up and run
> whether user or admin logs in. There are as described though a number of
> problematic machines where the scheduled tasks were created under the
> admin account and are not visible (therefore do not run) under the user
> account.
>
> How can I make all tasks visible to all users?

There are two ways to make a task visible:
- Log on under the same account as the one used for the task.
- Log the output of each command processed by the task. If
it is a batch file then you do it like this:
@echo off
echo %date% %time% >> c:\test.txt
c:\SomeFolder\SomeProgram.exe 1>>c:\test.txt 2>>&1
 
Re: Scheduled Task Won't Run Under Limited User

On Sun, 12 Oct 2008 03:32:56 +0100, chakbells
<chakbells.3h6dfr@no-mx.forums.xpheads.com> wrote:

completely OT
 
RE: Scheduled Task Won't Run Under Limited User

It might require administrator priveliges

"unknown" wrote:

>
 

Similar threads

D
Windows 10 Windows 10: Scheduled task cannot access clipboard when computer is locked
Replies
0
Views
200
dm_parker0
D
M
Windows 10 Run program as administrator after logon
Replies
0
Views
238
marianh
M
J
Windows 10 Locked Out Of Scheduled Task Editing
Replies
0
Views
137
Jay Florey
J
D
Scheduled Task To Turnover Files at Midnight Unpredictable
Replies
0
Views
137
DisplayNamePaul
D
M
Windows Defender Performs Full Scan and Custom Scans, Won't do offline scan since last month
Replies
0
Views
134
M W 67
M
Back
Top