Scripting a Scheduled Task

  • Question

  • Hello,

    I have created a scheduled task within the GUI of a Windows 10 Enterprise machine that works fine. I would like to recreate this task in PowerShell.

    Here are the task details

    Run only when user is logged on
    Trigger = On Workstation lock
    Delay = 6 hours
    Action = Logoff -f

    I can't figure out how to write that specific trigger or incorporate a 6 hour delay upon the workstation being locked. Below is what I have so far. 

    $A = New-ScheduledTaskAction -Execute 'cmd.exe' `
    $T =  New-ScheduledTaskTrigger 
    Register-ScheduledTask -Action $A -Trigger $T -TaskName "LogOffPlease" -Description "Logs people out after 5 hours of inactivity whilst logged in"


    Thursday, October 12, 2017 2:20 PM

All replies

  • That trigger is not available in PowerShell.

    Help New-ScheduledTaskTrigger  -full

    You can copy a task by exporting the task and importing it to a new task.


    \_(ツ)_/

    Thursday, October 12, 2017 9:56 PM
  • Interesting. The issue with importing the task is that you have to enter credentials to run that script (correct me if I am wrong?). In the environment I plan to do this in that would not be possible. Additionally, I have run into another issue: unless the task is run under my credentials it doesn't work. I tried local service and system and both failed to work. Based on that I think I am not going to be able to achieve my goal.
    Monday, October 16, 2017 1:06 PM
  • The PS commands allow you to add credentials.  "Local Service" and "System" may not have correct permissions to run your task.  Also some commands require a user to be logged in when the commands execute.  You cannot run a shell from a task with any reliability and it can only be run when the user is logged in.  Running most things will work "on lock" but many will fail when the station is locked.

    If the task does not run against a domain then the credentials do not need to be used.  Just select to run as logged in user.  A locked trigger must be run as the logged in user.  How else would it know about the lock?

    This is all you need.  Notice there is no password needed.

    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    	<RegistrationInfo>
    		<Date>2016-08-08T09:15:22.5594209</Date>
    		<Author>ALPHA\nsmith</Author>
    		<URI>\Mytasks2\TEstBat</URI>
    	</RegistrationInfo>
    	<Triggers>
    		<SessionStateChangeTrigger>
    			<Enabled>true</Enabled>
    			<StateChange>SessionLock</StateChange>
    			<UserId>ALPHA\nsmith</UserId>
    		</SessionStateChangeTrigger>
    	</Triggers>
    	<Principals>
    		<Principal id="Author">
    			<UserId>S-1-5-21-9999999999999-1001</UserId>
    			<LogonType>S4U</LogonType>
    			<RunLevel>LeastPrivilege</RunLevel>
    		</Principal>
    	</Principals>
    	<Settings>
    		<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    		<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    		<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    		<AllowHardTerminate>true</AllowHardTerminate>
    		<StartWhenAvailable>false</StartWhenAvailable>
    		<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    		<IdleSettings>
    			<StopOnIdleEnd>true</StopOnIdleEnd>
    			<RestartOnIdle>false</RestartOnIdle>
    		</IdleSettings>
    		<AllowStartOnDemand>true</AllowStartOnDemand>
    		<Enabled>false</Enabled>
    		<Hidden>false</Hidden>
    		<RunOnlyIfIdle>false</RunOnlyIfIdle>
    		<WakeToRun>false</WakeToRun>
    		<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    		<Priority>7</Priority>
    	</Settings>
    	<Actions Context="Author">
    		<Exec>
    			<Command>d:\test\test.bat</Command>
    		</Exec>
    	</Actions>
    </Task>


    \_(ツ)_/


    • Edited by jrv Monday, October 16, 2017 1:25 PM
    Monday, October 16, 2017 1:23 PM
  • Thanks, I have a working XML of what I need. I created that with no issue within the GUI of task scheduler. I think as you have said the 2 system accounts I tried do not have the correct permissions.

    Good point about the trigger running as the locked user.

    Sorry, when I mentioned the password comment I should have been more clear. I was under the assumption that I would need to enter credentials on running a PowerShell script to import the XML file into other machines' task scheduler. This would be done via SCCM and just point to a script to run. I wouldn't want to store credentials.

    Monday, October 16, 2017 4:32 PM
  • SCCM doesn't require credentials.  Just use "loggedOn User" instead of "this user".  SCCM has sufficient permissions to import the XML and can set the execution account.  You don't need to do that with PowerShell.  Two tasks. One imports the script and the second sets the execution account. Don't use SYSTEM or SERVICE accounts.  Use a regular account on the local system and you won't need a password. 


    \_(ツ)_/

    • Marked as answer by Rocketrs8 Monday, October 16, 2017 6:21 PM
    Monday, October 16, 2017 4:49 PM
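
Added example, not part of the original thread and not code from any of its participants: one way to register the task from the question (lock trigger, 6 hour delay, logoff action) without storing a password, then export it for comparison with the XML posted above. It assumes the ScheduledTasks module on Windows 10, an elevated session, a BUILTIN\Users group principal, and logoff.exe with no arguments as the action; those choices are assumptions of this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell session.
$taskName = 'LogOffPlease'   # task name taken from the question

# New-ScheduledTaskTrigger exposes no session-state trigger, so build one
# directly from the Task Scheduler CIM class that the cmdlets wrap.
$class = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' `
                      -ClassName 'MSFT_TaskSessionStateChangeTrigger'
$trigger = New-CimInstance -CimClass $class -ClientOnly -Property @{
    StateChange = 7        # TASK_SESSION_LOCK (8 is TASK_SESSION_UNLOCK)
    Delay       = 'PT6H'   # ISO 8601 duration: 6 hours after the lock event
    Enabled     = $true
}

# Assumption: the task applies to whichever user is logged on. A group
# principal runs in that user's interactive session, so the task definition
# holds no password. RunLevel Limited keeps it at least privilege.
$principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Limited

# Assumption: logoff.exe without arguments ends the session the task runs in.
$action = New-ScheduledTaskAction -Execute "$env:SystemRoot\System32\logoff.exe"

Register-ScheduledTask -TaskName $taskName `
    -Trigger $trigger -Action $action -Principal $principal `
    -Description 'Logs the user off 6 hours after the workstation is locked' |
    Out-Null

# Review what was actually registered before deploying it more widely:
# the principal should show a group and a limited run level, and the trigger
# should show the lock state change and the delay.
$task = Get-ScheduledTask -TaskName $taskName
$task.Principal | Format-List GroupId, UserId, LogonType, RunLevel
$task.Triggers  | Format-List StateChange, Delay, Enabled

# The exported XML can be diffed against a task built in the GUI.
Export-ScheduledTask -TaskName $taskName
```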