none
Find PowerShell script with specific action RRS feed

  • Question

  • Hello all,

    I'm trying to find a specific PowerShell task with an action which executes a .vbs with the argument "-R"
    In detail: The action (or Task To Run) is: "C:\Program Files (x86)\SyncToy 2.1\synctoy.vbs" -R

    Now I am on a server in the company network and want to scan a client for this task. To get the task by name is no issue at all on my own client because I renamed the  task. But I can't use the name as search argument.

    Is there any way to get all scheduled tasks on a client in the network which have the specific action and disable them?

    Best regards,
    Phillip

    Monday, October 19, 2015 9:46 AM

Answers

All replies

  • Yes - use SCHTASKS and dump the XML for all tasks and use the XML DOM to query the XML for the action.


    \_(ツ)_/

    Monday, October 19, 2015 9:54 AM
  • Hi,

    Thank you for your answer. I'm already playing with that. But when I found the action, how can I pick out the task its attached to?

    And the XML dump is broken:

    I can't process it in the powershell because of an unexpected XML-Declaration. The dump starts with the name of the task:

    <!-- \GoogleUpdateTaskMachineCore --> #Task 1 here
    <?xml version="1.0" encoding="UTF-16"?>

    <Task version="1.1" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">

     [...]

    </Task>

    <!-- \GoogleUpdateTaskMachineUA --> #Task 2 here
    <?xml version="1.0" encoding="UTF-16"?>

    [...]


    • Edited by Alquantor Monday, October 19, 2015 11:38 AM
    Monday, October 19, 2015 11:33 AM
  • SCHTASKS /query /XML one | Out-File <file.xml> -Enc ascii


    \_(ツ)_/

    Monday, October 19, 2015 12:11 PM
  • This is the easiest way to do this:

    [xml]$xml=Get-Content tasks.xml
    [System.Xml.XmlNamespaceManager] $nsmgr = $xmldoc.NameTable
    $nsmgr.AddNamespace('x','http://schemas.microsoft.com/windows/2004/02/mit/task')
    $nodes=$xml.SelectNodes('//x:Task[.//x:Command[contains(text(),"C:\Program Files (x86)\SyncToy 2.1\synctoy.vbs")]]',$nsmgr)
    $nodes[0].Actions.Exec
    $nodes[0].RegistrationInfo.Uri


    \_(ツ)_/

    Monday, October 19, 2015 12:52 PM
  • In PowerShell we canactually do this with one line:

    $string='C:\Program Files (x86)\SyncToy 2.1\synctoy.vbs'
    $XPath=@{
    	Path='tasks.xml'
    	XPath="//x:Task[.//x:Command[contains(text(),'$string')]]"
    	Namespace=@{x='http://schemas.microsoft.com/windows/2004/02/mit/task'}
    }
    Select-Xml @XPath


    \_(ツ)_/




    • Edited by jrv Monday, October 19, 2015 1:03 PM
    Monday, October 19, 2015 12:56 PM
  • Hello,

    I solved it this way:

    schtasks.exe /query /v /fo csv | convertfrom-csv | Where {$_."Task To Run" -like "*SyncToyCmd.exe*" -or $_."Task To Run" -like "*synctoy.vbs*"};

    Storing this in a variable works.

    But do you notice $_."Task To Run" ? This works only on systems with the language in English. On my one, configured in German I have to use $_."Auszuführende Aufgabe". Is there a way that the English $_."Task To Run" works on German systems, too?

    Kind regards,
    Phillip

    Monday, October 19, 2015 12:58 PM
  • Another option is the Get-ScheduledTask.ps1 script in this article:

    Windows IT Pro - How-To: Use PowerShell to Report on Scheduled Tasks

    It uses the COM object to retrieve scheduled task and outputs PSObjects. The command would be something like:


    PS C:\> Get-ScheduledTask | Where-Object { $_.Action -like "SyncToy*" }
    


    -- Bill Stewart [Bill_Stewart]


    Monday, October 19, 2015 5:58 PM
    Moderator
  • The XML tags are the same in English and German.  The values may be different.

    THe taks name is in "Uri". $nodes[0].RegistrationInfo.Uri


    \_(ツ)_/

    Monday, October 19, 2015 7:45 PM
  • Hi jrv,

    But I'm not using XML anymore. I switched over to the CSV-to-PS_object format. And there my results depend on the system language:

    If the client language is in English I have to query the stuff with English keywords ($_.TaskToRun)

    If the client language is in German I have to query the stuff with German keyworkds ($_."Auszuführende Aufgabe")

    Tuesday, October 20, 2015 7:34 AM
  • Hi Bill,

    Thank you for mentioning that, the article is already part of my bookmarks.

    I'm not sure if I can use it because it's not suitable to install the script on all clients in our network .

    Tuesday, October 20, 2015 7:35 AM
  • Use XML.  You will have issues with any other method.  You are also not asking a specific question.

    I gave you the method for using XML.


    \_(ツ)_/

    Tuesday, October 20, 2015 7:37 AM
  • Here.  This is the best I can do right now.

    schtasks.exe /query /v /fo csv |
         ConvertFrom-Csv|
         where{$_.'Task To Run' -match 'adobe'} |
         select taskname


    \_(ツ)_/


    • Edited by jrv Tuesday, October 20, 2015 7:42 AM
    Tuesday, October 20, 2015 7:41 AM
  • Hi,

    Thank you - But I have the script already. I only have the issues with language of the keyword $_."Task To Run"

    Tuesday, October 20, 2015 7:44 AM
  • I'm not sure if I can use it because it's not suitable to install the script on all clients in our network .

    You don't need to install anything. The script can query remote computers. You only need the script on a single computer.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, October 20, 2015 2:12 PM
    Moderator