none
Batch/Powershell file wont run via Task Scheduler RRS feed

  • Question

  • Hello,

    I'm having trouble getting my Powershell file to run from Task Schedule during logoff. In short, I'm trying to upload my NTUSER.DAT (roaming profile) to my profiles folder on the file server. Dynamic VLAN switching does not support roaming profiles thus I have to use a script to solve this issue.

    My powershell script is as follows:

    start-sleep -s 15
    
    Set-Content -Path "C:\Temp\log.txt" -Value "Hello World"
    
    $FileServer = 10.10.5.5
    $FQDN = "$Env:UserDomain"
    $User = Get-WmiObject -Class Win32_NetworkLoginProfile | Sort-Object -Property LastLogon -Descending | Select-Object -Property * -First 1 | Where-Object {$_.LastLogon -match "(\d{14})"} | Foreach-Object { New-Object PSObject -Property @{ Name=$_.Name.TrimStart("$FQDN\") }} | Select -ExpandProperty Name
    
    
    copy-item -path  C:\Users\$User\NTUSER.DAT -destination \\$FileServer\Profiles$\$user.V2\ -force
    copy-item -path  C:\Users\$User\NTUSER.DAT -destination \\$FileServer\Profiles$\$user.V3\ -force

    I have a task schedule to run as Domain Admin when event ID 4647 occurs (logoff). It is set to run with the Highest Privileges checked, also I have enabled to run weather the user is logged in or no. The Domain Admin account also has access to ever file, both at source and destination. Set-ExecutionPolicy is set to unrestricted. The way I call the powershell script in Task Scheduler is:

    Action: Start a program

    Program/Script: C:\temp\launch.bat

    The launch.bat contains the following:

    Powershell.exe -executionpolicy unrestricted -File "CALL C:\temp\powershell.ps1"

    The task is triggered each time when the user logs off, I have confirmed this in the logs. But the NTUSER.DAT file fails to copy over to the network, in fact the log.txt file isn't even generated. I have confirmed my code to work, it's just the task scheduler part calling the code where I think it fails.

    Can you guys point me in the right direction here? I know I'm close, but not sure what I'm missing. 



    • Edited by Mustafa-s Tuesday, December 9, 2014 3:40 PM
    Tuesday, December 9, 2014 3:31 PM

Answers

  • Jrv,

    Yes in my testing the task schedule is unreliable, I don't have any info on how long the profile is locked, thus I can't copy the profile to the server when the OS still has it locked.

    What do you propose I change my vlan configuration to?

    Thanks.

    What you are trying to do cannot be done.  That is why it is not being done.  If you set up roaming profiles and redirected folders this would happen automatically.  It would also happen very quickly.  THat is because Windows posts cahnges to teh roamed image as they happen.  Only changes are copied. Items in teh registry which are only valid during logon (Dynamic Entries) are nver copied so updates that are not needed are not posted.  It is these updates thaat can keep the registry locked for a very long time.

    If you scan your network you will likely find hives thaat are loaded with no one logged in.  WIndows 7 and later have a utility that forces and unload after a few minutes.  It posts the reson for the forced unload to the event log.

    As for the VLAN it is likely not configured correctly.  THe profile must be on a server that is available on the same net ID as the PC.  YOu may also have to allow the switch to suspend if you are using per-user conenctions.  Contact the VLAN vendor and tell them about issues with Roamed profiles.  THey will walk you through the setup.  THe most common issue is thaat the switch specifies 1Gb and the server is set to 100Mb and the switch is not set to match the speed.  THisis a simplpe configuration error done by a tech who does not have much experience with VLANs.  THey tend to think that setting everything to 1Gb or some other maximum will work but it won't.  It can also be caused by a files server with a 1Gb card that is a pront spooler spooling to a 100 or 10Mb older printer. This disrupts the card and the VLAN cannot attach to it until the spooler is dona nd the card can switch.  It can also be caused by a bad card or a bad switch.

    Then VLAN vendors techs are usually very good at troubleshooting this kind of issue.  Remote VLAN logging and diagnostics can also pick out the issue.


    ¯\_(ツ)_/¯

    • Marked as answer by Mustafa-s Friday, December 19, 2014 4:59 PM
    Friday, December 19, 2014 4:50 PM

All replies

  • Hi,

    When I schedule PS scripts I point Program/Script at powershell.exe and use -File C:\path\to\script.ps1 as the argument. That way there's no need for a batch wrapper.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    • Proposed as answer by jrv Tuesday, December 9, 2014 4:05 PM
    • Unproposed as answer by Bill_StewartModerator Tuesday, December 9, 2014 6:08 PM
    Tuesday, December 9, 2014 3:43 PM
  • Hi Mike,

    I'm now able to get the Powershell to launch EACH time I log off using my method, I had to modify the batch file as such:

    Powershell.exe -executionpolicy unrestricted -file "C:\temp\powershell.ps1" >> error.log

    Now that I have that working, it seems like there is now an issue with my powershell code. It fails to copy the NTUSER.DAT (or any other file for that matter) when the destination is set to a variable (instead of hardcoding - which works).

    The log.txt file gets crated, but the copy parts fails.


    • Edited by Mustafa-s Tuesday, December 9, 2014 4:39 PM
    Tuesday, December 9, 2014 4:38 PM
  • You can't copy ntuser.dat while you are logged on because Windows opens the file in exclusive mode.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, December 9, 2014 4:41 PM
    Moderator
  • Hi Bill,

    It takes roughly 10 seconds for me to log off (from the time I click on logoff). My powershell script waits 15 seconds and then it attempts to copy the files. I assume my script starts running when I finally see the ctrl-alt-del screen, which by then the NTUSER.DAT should not be open by Windows?

    Tuesday, December 9, 2014 5:54 PM
  • That's making assumptions about how long Windows will keep the file open. That is an implementation detail that I doubt is documented anywhere. I think you should probably pursue other options (such as exporting the registry data other ways) rather than trying to copy ntuser.dat. But in any case, this is a user profile management question, not a scripting question.

    -- Bill Stewart [Bill_Stewart]

    Tuesday, December 9, 2014 6:00 PM
    Moderator
  • Thank you Bill, appreciate the feedback. I'll dig up more info about the timing and see if I should persue other options.

    Tuesday, December 9, 2014 6:05 PM
  • Roamed profiles are automatically copued to the network by user for every session.


    ¯\_(ツ)_/¯

    Tuesday, December 9, 2014 7:36 PM
  • Roamed profiles are automatically copued to the network by user for every session.


    ¯\_(ツ)_/¯

    Yes you're correct Jrv, but when using Dynamic VLAN switching this is not the case as it fails.
    Tuesday, December 9, 2014 10:03 PM
  • Then that means you need to fix your vlan configuration.  The profiel is locked and can remain locked for a very long time.  The task scheduler will not help you with this.  It may work but it will always be unreliable as you haev already seen.


    ¯\_(ツ)_/¯

    Tuesday, December 9, 2014 10:05 PM
  • Jrv,

    Yes in my testing the task schedule is unreliable, I don't have any info on how long the profile is locked, thus I can't copy the profile to the server when the OS still has it locked.

    What do you propose I change my vlan configuration to?

    Thanks.

    Friday, December 19, 2014 4:33 PM
  • This is not the right forum for vlan configuration questions. This is a scripting forum.


    -- Bill Stewart [Bill_Stewart]

    Friday, December 19, 2014 4:45 PM
    Moderator
  • Got it, thank you Bill. I'll take my question to the appropriate forum.
    Friday, December 19, 2014 4:47 PM
  • Jrv,

    Yes in my testing the task schedule is unreliable, I don't have any info on how long the profile is locked, thus I can't copy the profile to the server when the OS still has it locked.

    What do you propose I change my vlan configuration to?

    Thanks.

    What you are trying to do cannot be done.  That is why it is not being done.  If you set up roaming profiles and redirected folders this would happen automatically.  It would also happen very quickly.  THat is because Windows posts cahnges to teh roamed image as they happen.  Only changes are copied. Items in teh registry which are only valid during logon (Dynamic Entries) are nver copied so updates that are not needed are not posted.  It is these updates thaat can keep the registry locked for a very long time.

    If you scan your network you will likely find hives thaat are loaded with no one logged in.  WIndows 7 and later have a utility that forces and unload after a few minutes.  It posts the reson for the forced unload to the event log.

    As for the VLAN it is likely not configured correctly.  THe profile must be on a server that is available on the same net ID as the PC.  YOu may also have to allow the switch to suspend if you are using per-user conenctions.  Contact the VLAN vendor and tell them about issues with Roamed profiles.  THey will walk you through the setup.  THe most common issue is thaat the switch specifies 1Gb and the server is set to 100Mb and the switch is not set to match the speed.  THisis a simplpe configuration error done by a tech who does not have much experience with VLANs.  THey tend to think that setting everything to 1Gb or some other maximum will work but it won't.  It can also be caused by a files server with a 1Gb card that is a pront spooler spooling to a 100 or 10Mb older printer. This disrupts the card and the VLAN cannot attach to it until the spooler is dona nd the card can switch.  It can also be caused by a bad card or a bad switch.

    Then VLAN vendors techs are usually very good at troubleshooting this kind of issue.  Remote VLAN logging and diagnostics can also pick out the issue.


    ¯\_(ツ)_/¯

    • Marked as answer by Mustafa-s Friday, December 19, 2014 4:59 PM
    Friday, December 19, 2014 4:50 PM
  • Thank you jrv, you have been very helpful. I'll further emphasize on your suggestion in the VLAN forum. I know my hacked "solution" is not supported by Microsoft, and I understand why but I need to find a way a solution nonetheless, as surgical as it may be.

    Friday, December 19, 2014 5:00 PM