Running a local powershell script for all users using schtasks - powershell

Normally I use GPO to run scripts for all my users but I want to push out a powershell script and if certain conditions are not met, then it will create a schedule task for all users on that computer to run a local powershell script. (Needs to run with admin privs)
I am sure the solution is very simple but I just cannot get it to work.
I have tried all of the following including setting executionpolicy to unrestricted and moving where I am storing the script locally.
schtasks /create /f /ru "NT AUTHORITY\SYSTEM" /tn "MYTASK" /tr "powershell -file C:\ProgramData\script.ps1 -executionpolicy bypass" /sc onlogon
schtasks /create /f /tn "My Task Name" /ru Administrator /sc onlogon /tr "powershell.exe -noprofile -executionpolicy bypass -file C:\ProgramData\script.ps1"
I have also tried a .cmd file and .bat file with the following in them and calling them with the schtasks above:
powershell.exe -noprofile -executionpolicy bypass -file C:\ProgramData\script.ps1
schtasks /create /f /tn "My Task Name" /ru Administrator /sc onlogon /tr "C:\ProgramData\script.bat"
Any help is appreciated.

Related

Schedule a Task to delete another task

I have a scheduled task in EC2 windows server 2019 that runs on start and I would like to delete after it finishes.
I tried to schedule a task to delete it but the task kept running without deleting the other one, but the scripts work from Powershell directly.
SCHTASKS /Delete /TN AfterRestartSetup /F
I tried to add /z to delete the task right after it is done but it did not work.
schtasks /create /tn "AfterRestartSetup" /sc onstart /z /rl highest /ru system /tr "powershell.exe -file C:\scripts\setup\AfterRestartSetup.ps1"
I also tried to unregister but it didn't work also:
Unregister-ScheduledTask -TaskName "AfterRestartSetup" -Confirm:$false
You can disable a task like this:
Disable-ScheduledTask -TaskPath "\your-user\" -TaskName "your-task-name"
Add the above line to a text file and save it with ps1 extension. Then create a task on Task Scheduler. In the General tab (of properties window), make sure you check Run with highest privileges. The Action should be Start a program where the Program/script is Powershell.exe and the argument has a complete path to the ps1 file you created earlier (e.g. C:\Scripts\myTask.ps1).

Schedule Task with schtasks

I created a script that creates a scheduled task GPUpdate /Force to be executed from a Windows server machine to a Windows 10 machine "Beta" but the script is not executed and an error shows up:
starttime is not valid
Below you will find my script:
schtasks /Create /S Client.Admin.6NLG-AD /U Admin.6NLG-AD\Beta /P ******** /SC MINUTE /MO 1 /TN Update /TR "GPUpdate /Force" /ST defaults

Run PowerShell script in Vagrant

I use this command to run script in Vagrant via PowerShell
vagrant.exe powershell -c "SchTasks /Create /TN 'InstallTask' /SC ONCE /ST 23:59 /IT /RL HIGHEST /TR 'powershell -Command c:/vagrant/I_O.ps1' /F | Out-Host; SchTasks /Run /TN 'InstallTask' | Out-Host;"
But it works only if I start it manually from PowerShell ISE and as a separate command.
I want to use it inside this script block
# Run Vagrant
vagrant up
# Run PowerShell in Vagrant
vagrant.exe powershell -c "Set-Location C:\vagrant"
#Set policy to Unrestricted
vagrant.exe powershell -c "Set-ExecutionPolicy Unrestricted -Force"
# Install Chocolatey
vagrant.exe powershell -c "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))"
# Turn off confirmation in Chocolatey
vagrant.exe powershell -c "chocolatey feature enable -n=allowGlobalConfirmation"
# Install .net 3.5
vagrant.exe powershell -c "choco install dotnet3.5 -force"
# Run O installation script
vagrant.exe powershell -c "SchTasks /Create /TN 'InstallTask' /SC ONCE /ST 23:59 /IT /RL HIGHEST /TR 'powershell -Command c:/vagrant/I_O.ps1' /F | Out-Host; SchTasks /Run /TN 'InstallTask' | Out-Host;"

Access Certificate Store from LocalService Account

Is there any way to access and view the certificate store of the LocalService account?
I would like to add and delete certificates. (Using Windows Server 2008 R2)
I tried:
runas /user:"NT AUTHORITY\LocalService" mmc.exe
Also:
schtasks /create /sc once /st 09:36 /f /tr mmc.exe /tn taskname /ru LOCALSERVICE
schtasks /run /TN "taskname"
Without luck :(
Someone here suggested using PsExec for running commands with a service account.
Run psexec as administrator:
psexec -i -u "nt authority\local service" cmd.exe
In the new command window run:
certmgr.msc
I do not know if this will solve you problem, it is just a suggestion...

Windows schedules task creation issue with powershell

I'm trying to script windows scheduled task creation with powershell, where the schedules tasks call powershell scripts that are in a directory that contains a space. So i need to create with a /tr argument like powershell.exe -noninteractive -command "& 'c:\temp\program files\a.ps1'"
Here is a sample of what i have tried
# Create the script file the schedule task will call, note path contains a space
'set-content c:\temp\program files\a.log "Just done # $(get-date)"' > 'c:\temp\program files\a.ps1'
$scriptFilePath = 'c:\temp\program files\a.ps1';
$userName = read-host 'user name'; # will need log on as batch rights
$userPassword = read-host 'user password';
# The following looks good but schtasks args gets messed up so no creation
$taskToRun = "c:\windows\system32\windowspowershell\v1.0\powershell.exe -noninteractive -command `"& '$scriptFilePath'`"";
$taskToRun
schtasks /create /tn 'ATest' /ru $userName /rp $userPassword /sc MINUTE /mo 1 /st '00:00' /f /tr $taskToRun;
# Gets imported but mangles the tr so instead of
$taskToRun = 'c:\windows\system32\windowspowershell\v1.0\powershell.exe -noninteractive -command \"& ''' + $scriptFilePath + '''\"';
$taskToRun
schtasks /create /tn 'ATest' /ru $userName /rp $userPassword /sc MINUTE /mo 1 /st '00:00' /f /tr $taskToRun;
If anyone knows how to escape correctly, i would appreciate a hint
Thanks in advance
Pat
I'd trade the -command option for -file:
$taskToRun = "c:\windows\system32\windowspowershell\v1.0\powershell.exe -noninteractive -file ""$scriptFilePath"""
Also, the PowershellPack has a TaskScheduler module that's makes task scheduling much easier:
http://archive.msdn.microsoft.com/PowerShellPack
[UPDATE] Thanks
Perfect, just needed to escape with a single quote rather than double quote
$taskToRun = "c:\windows\system32\windowspowershell\v1.0\powershell.exe -noninteractive -file '$scriptFilePath'";