scheduled tasks don't show up in Get-ScheduledTask result - powershell

I have defined some scheduled task using Windows Task Scheduler GUI under "" [default] path but when i run Get-ScheduledTask in powershell, it does not return them. why?
I have tried with Get-ScheduledTask -TaskName "MyTaskName" with one of my task name but it comes up with "No MSFT_ScheduledTask objects found with property 'TaskName' equal to 'MyTaskName'"
Actually I have tried https://library.octopusdeploy.com/step-template/actiontemplate-windows-scheduled-task-disable but it doesn't work so I have tried running script directly.
UPDATE
I have found the following script to get task list on http://www.fixitscripts.com/problems/getting-a-list-of-scheduled-tasks:
# PowerShell script to get scheduled tasks from local computer
$schedule = new-object -com("Schedule.Service")
$schedule.connect()
$tasks = $schedule.getfolder("\").gettasks(0)
$tasks | Format-Table Name , LastRunTime # -AutoSize
IF($tasks.count -eq 0) {Write-Host “Schedule is Empty”}
Read-Host

UAC
The result is likely affected by UAC. To see everything try right clicking the PowerShell icon, select Run as Administrator and then run your Get-ScheduledTask command again and see if that changes anything.
Further reading: http://david-homer.blogspot.co.uk/2017/10/not-all-scheduled-tasks-show-up-when.html

Have you tried using a com object? This code works for me:
# FOR A REMOTE MACHINE
$s = 'SERVER_NAME' # update this with server name
($TaskScheduler = New-Object -ComObject Schedule.Service).Connect($s)
# FOR LOCAL MACHINE
($TaskScheduler = New-Object -ComObject Schedule.Service).Connect()
#now we can query the schedules...
cls;$TaskScheduler.GetFolder('\').GetTasks(0) | Select Name, State, Enabled, LastRunTime, LastTaskResult | Out-GridView
This code will retrieve a particular task and enable it:
$task = $TaskScheduler.GetFolder('\').GetTask("TASKNAME")
$task.Enabled = $true

When running Get-ScheduledTask from a user-level prompt, even if the user is an administrator, they will see only the tasks that they can read with user-level permissions. Seeing them in the TaskSchd.Msc window indicates that program is running with different permissions.
Therefore, running a PowerShell prompt as administrator solves the problem.
The same issue occurs when using SchTasks.exe from a command prompt.

Related

Why don't the applications run by Powershell appear on remote desktop but appear in task manager? [duplicate]

I've created a pssession on a remote computer and entered that possession. From within that session I use start-process to start notepad. I can confirm that notepad is running with the get-process command, and also with taskmgr in the remote computer. However, the GUI side of the process isn't showing. This is the sequence I've been using:
$server = New-PSSession -ComputerName myserver -Credential mycreds
Enter-PSSession $server
[$server]: PS C:\>Start-Process notepad -Wait -WindowStyle Maximized
The process is running, but while RDP'd to the box, notepad does not open. If I open notepad from the server, a new notepad process begins. I also tried by using the verb parameter like this:
[$server]: PS C:\>Start-Process notepad -Wait -WindowStyle Maximized -Verb Open
Same result tho... Process starts, but no notepad shows. I've tried this while remoted into the box (but issued from my local host) as well as before remoting into the server.
That is because your powershell session on the remote machine does not go to any visible desktop, but to an invisible system desktop. The receiving end of your powershell remote session is a Windows service. The process is started, but nor you nor anyone else can ever see it.
And if you think about it, since multiple users could RDP to the same machine, there is really no reason to assume a remote powershell session would end up showing on any of the users desktops. Actually, in almost all cases you wouldn't want it anyway.
psexec with the -i parameter is able to do what you want, but you have to specify which of the sessions (users) you want it to show up in.
I know this is old, but I came across it looking for the solution myself so I wanted to update it for future poor souls.
A native workaround for this problem is to use a scheduled task. That will use the active session
function Start-Process-Active
{
param
(
[System.Management.Automation.Runspaces.PSSession]$Session,
[string]$Executable,
[string]$Argument,
[string]$WorkingDirectory,
[string]$UserID
)
if (($Session -eq $null) -or ($Session.Availability -ne [System.Management.Automation.Runspaces.RunspaceAvailability]::Available))
{
$Session.Availability
throw [System.Exception] "Session is not availabile"
}
Invoke-Command -Session $Session -ArgumentList $Executable,$Argument,$WorkingDirectory,$UserID -ScriptBlock {
param($Executable, $Argument, $WorkingDirectory, $UserID)
$action = New-ScheduledTaskAction -Execute $Executable -Argument $Argument -WorkingDirectory $WorkingDirectory
$principal = New-ScheduledTaskPrincipal -userid $UserID
$task = New-ScheduledTask -Action $action -Principal $principal
$taskname = "_StartProcessActiveTask"
try
{
$registeredTask = Get-ScheduledTask $taskname -ErrorAction SilentlyContinue
}
catch
{
$registeredTask = $null
}
if ($registeredTask)
{
Unregister-ScheduledTask -InputObject $registeredTask -Confirm:$false
}
$registeredTask = Register-ScheduledTask $taskname -InputObject $task
Start-ScheduledTask -InputObject $registeredTask
Unregister-ScheduledTask -InputObject $registeredTask -Confirm:$false
}
}
When you use New-PSSession and then RDP into that same computer, you're actually using two separate and distinct user login sessions. Therefore, the Notepad.exe process you started in the PSSession isn't visible to your RDP session (except as another running process via Task Manager or get-process).
Once you've RDP'd into the server (after doing what you wrote in your post), start another Notepad instance from there. Then drop to PowerShell & run this: get-process -name notepad |select name,processid
Note that there are two instances, each in a different session.
Now open up Task Manager and look at the user sessions. Your RDP session will probably be listed as session 1.
Now quit Notepad and run get-process again. You'll see one instance, but for session 0. That's the one you created in your remote PSSession.
There are only 2 workarounds that I know of that can make this happen.
Create a task schedule as the logged in user, with no trigger and trigger it manually.
Create a service that starts the process with a duplicated token of the logged in user.
For the task schedule way I will say that new-scheduledtask is only available in Windows 8+. For windows 7 you need to connect to the Schedule Service to create the task like this (this example also starts the task at logon);
$sched = new-object -ComObject("Schedule.Service")
$sched.connect()
$schedpath = $sched.getFolder("\")
$domain = "myDomain"
$user="myuser"
$domuser= "${domain}\${user}"
$task = $sched.newTask(0) # 0 - reserved for future use
$task.RegistrationInfo.Description = "Start My Application"
$task.Settings.DisallowStartIfOnBatteries=$false
$task.Settings.ExecutionTimeLimit="PT0S" # there's no limit
$task.settings.priority=0 # highest
$task.Settings.IdleSettings.StopOnIdleEnd=$false
$task.settings.StopIfGoingOnBatteries=$false
$trigger=$task.Triggers.create(9) # 9 - at logon
$trigger.userid="$domuser" # at logon
$action=$task.actions.create(0) # 0 - execute a command
$action.path="C:\windows\system32\cmd.exe"
$action.arguments='/c "c:\program files\vendor\product\executable.exe"'
$action.WorkingDirectory="c:\program files\vendor\product\"
$task.principal.Id="Author"
$task.principal.UserId="$domuser"
$task.principal.LogonType=3 # 3 - run only when logged on
$task.principal.runlevel=1 # with elevated privs
# 6 - TASK_CREATE_OR_UPDATE
$schedpath.RegisterTaskDefinition("MyApplication",$viztask,6,$null,$null,$null)
Creating a service is way more complicated, so I'll only outline the calls needed to make it happen. The easy way is to use the invoke-asservice script on powershell gallery: https://www.powershellgallery.com/packages/InvokeAsSystem/1.0.0.0/Content/Invoke-AsService.ps1
Use WTSOpenServer and WTSEnumerateSessions to get the list of sessions on the machine. You also need to use WTSQuerySessionInformation on each session to get additional information like username. Remember to free your resources using WTSFreeMemory and WTSCloseServer You'll end up with some data which looks like this (this is from the qwinsta command);
SESSIONNAME USERNAME ID STATE
services 0 Disc
>rdp-tcp#2 mheath 1 Active
console 2 Conn
rdp-tcp 65536 Listen
Here's an SO post about getting this data; How do you retrieve a list of logged-in/connected users in .NET?
This is where you implement your logic to determine which session to target, do you want to display it on the Active desktop regardless of how it's being presented, over RDP or on the local console? And also what will you do if there is no one logged on? (I've setup auto logon and call a lock desktop command at logon so that a logged in user is available.)
You need to find the process id of a process that is running on the desktop as that user. You could go for explorer, but your machine might be Server Core, which explorer isn't running by default. Also not a good idea to target winlogon because it's running as system, or dwm as it's running as an unprivileged user.
The following commands need to run in a service as they require privileges that only system services have. Use OpenProcess to get the process handle, use OpenProcessToken to get the security token of the process, duplicate the token using DuplicateTokenEx then call ``CreateProcessAsUser``` and finally Close your handles.
The second half of this code is implemented in invoke-asservice powershell script.
You can also use the sysinternals tool psexec, I didn't list it as a 3rd way because it just automates the process of creating a service.

Running Command as Administrator from a SYSTEM Process

So I need to clear a user's run dialog history which I can do perfectly fine with "reg delete HKEY_CURRENT_USER\Software\Windows etc..." from an elevated powershell window on the logged in user's machine, but what I'm looking to do is that same command but from a SYSTEM powershell process. I have already used psexec to create a powershell window which runs as SYSTEM, but because you can't just use HKEY_CURRENT_USER as SYSTEM with the same results, I am finding it quite difficult. If I could just run that command but as username\Administrator then I wouldn't have this problem.
Also to note, if I can somehow grab the username of the logged on user (from SYSTEM still) in one line in plain text (with no other output in sight), then I can store the username in a variable and convert that to an SID and use HKEY_USERS instead.
P.S. Don't ask why I'm running powershell as SYSTEM, I know what I'm doing :D
you can use get-process under the system context powershell and filter where explorer.exe process is running, get the account it is running under then use to convert to SID and go through the registry.
something like this assuming only 1 explorer.exe process is running which is the norm on windows client OS.
$proc = Get-CimInstance Win32_Process -Filter "name = 'explorer.exe'"
$owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
$username = $owner.user
$username will contain the user, $owner will also contain domain and a few other things.
to convert to sid
$objUser = New-Object System.Security.Principal.NTAccount($owner.Domain, $owner.User)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

PowerShell scheduled task not converting CSV to EXCEL

I have a server health check script which i'm trying to get working by scheduled task.
The scheduled task has the following set for 'AddArguments"
Add Arguments: -NoLogo -ExecutionPolicy Bypass -File "C:\HealthCheck.ps1"
Everything in the server health portion of full script works fine to create the .csv report, except the last part, which does the CSV to excel conversion/save/close - I've not included the preceding code as it includes some confidential stuff, and i don't believe it's relevant.
When I run the script with the same ID, but from the GUI (not as a scheduled task) it works fine.
Note: The last part of the script definitely does launch excel briefly and performs the functions, and saves/closes it - i'm thinking the scheduled task isn't doing this because it's not supported by Microsoft?
I did find the following SpiceWorks post but the solution noted didn't resolve the issue for me in this case. That's where you create a DESKTOP folder under these paths depending on your version of Office (i'm using Office 2010 32-bit on Windows 7 x64 Pro)
C:\windows\system32\config\systemprofile
C:\windows\syswow64\config\systemprofile
Anyway, here's the code - Any help appreciated!
#Convert CSV to EXCEL, format, and save
#Create excel object
$xl = new-object -comobject excel.application
$xl.visible = $true
#Input
$Workbook = $xl.workbooks.open(“$Dir\Reports\SeverHealth-Results- $CurrentDate.csv”)
$worksheet = $workbook.worksheets.Item(1)
$xl.Rows.Item("2:2").Select()
$xl.ActiveWindow.FreezePanes = $true
$HeaderRow = $Worksheet.Range("A1:L1")
$HeaderRow.Font.Bold = $True
$HeaderRow.Font.Underline = $True
$range = $worksheet.UsedRange
$range.AutoFilter() | Out-Null
$range.EntireColumn.AutoFit() | Out-Null
$rowc = $WorkSheet.UsedRange.Rows.Count
$colc = $WorkSheet.UsedRange.Columns.Count
#Coloring
for ($z = 1; $z -le $rowc; $z++) {
$ActionReqCol = $worksheet.cells.item($z,7)
$ServerCol= $worksheet.cells.item($z,1)
if ($ActionReqCol.text -eq "YES") {
$ActionReqCol.interior.colorindex=3
$ACtionReqCol.font.colorindex=2
$ServerCol.interior.colorindex=3
$ServerCol.font.colorindex=2}}
#Save and close!
$EndDate = Get-Date
$EndDate = $EndDate.ToString('MM-dd-yyyy_hhmm')
$Worksheets = $Workbooks.worksheets
$xlFixedFormat = [Microsoft.Office.Interop.Excel.XlFileFormat]::xlWorkbookDefault
$Workbook.SaveAs($Dir + "\Reports\SeverHealth-Results-$EndDate.xls”, $XLFixedFormat)
$Workbook.Saved = $True
$xl.Quit()
Write the command to invoke the PowerShell with arguments in a batch file. I believe from the comments that you are already able to do this successfully. Configure the Task Scheduler to execute the batch file.
Other advantage of this is, you have reduced dependency. If later you want to make modifications to your command or alter arguments, then you will be able to do so without altering or even opening the Task Scheduler.
Update: #Kenny reported that running task scheduler's task with highest privilege resolved this. The script required elevated access and the same was provided by checking the check box in Task Scheduler to run the task with highest privilege.

Looking for info on how to change the settings on a scheduled task from powershell

I have some PowerShell scripts which are being ran daily using a scheduled task, the scheduled task is created using PowerShell itself and is all working quite nicely.
Id like to be able to add a setting into the scheduled task as follows:-
I want to be able to change the setting -> Stop the task if it runs longer than 3 days.
Can I change this setting somehow, I've managed to create the scheduled task in PowerShell and I can change the triggers, actions and so on but I cant see how to affect the Settings, without manually changing them inside task scheduler.
help from the below link:
http://powershell.com/cs/blogs/tips/archive/2013/06/21/changing-scheduled-tasks-with-powershell.aspx
Solution:
$service = New-Object -ComObject Schedule.Service
# Can connect remotely as well, currently doing it local
$service.Connect($env:COMPUTERNAME)
# navigate to desired folder where the scheduled task is in TaskScheduler
$folder = $service.GetFolder('\Microsoft\Windows\XXX_DestinationFolder_XXX')
# Get the desired task
$task = $folder.GetTask('XXX_TaskName_XXX')
$definition = $task.Definition
# Incase you are interested in changing more settings
# $definition | Get-Member
# for 10 days it is 'P10D', by default it is 3 days so it will be 'P3D'
$definition.Settings | Where-Object {$_.ExecutionTimeLimit = 'P10D'}
# finally updating
$folder.RegisterTaskDefinition($task.Name, $definition, 4, $null, $null, $null)
If you can upgrade to PowerShell 4.0 or later, you can use ScheduledTask CMDlets to create/update them. Here is an example for changing the Time Limit:
$STSet = New-ScheduledTaskSettingsSet -ExecutionTimeLimit 72:00:00
Set-ScheduledTask ScheduledTaskName -Settings $STSet

Powershell Using Start-Process in PSSession to Open Notepad

I've created a pssession on a remote computer and entered that possession. From within that session I use start-process to start notepad. I can confirm that notepad is running with the get-process command, and also with taskmgr in the remote computer. However, the GUI side of the process isn't showing. This is the sequence I've been using:
$server = New-PSSession -ComputerName myserver -Credential mycreds
Enter-PSSession $server
[$server]: PS C:\>Start-Process notepad -Wait -WindowStyle Maximized
The process is running, but while RDP'd to the box, notepad does not open. If I open notepad from the server, a new notepad process begins. I also tried by using the verb parameter like this:
[$server]: PS C:\>Start-Process notepad -Wait -WindowStyle Maximized -Verb Open
Same result tho... Process starts, but no notepad shows. I've tried this while remoted into the box (but issued from my local host) as well as before remoting into the server.
That is because your powershell session on the remote machine does not go to any visible desktop, but to an invisible system desktop. The receiving end of your powershell remote session is a Windows service. The process is started, but nor you nor anyone else can ever see it.
And if you think about it, since multiple users could RDP to the same machine, there is really no reason to assume a remote powershell session would end up showing on any of the users desktops. Actually, in almost all cases you wouldn't want it anyway.
psexec with the -i parameter is able to do what you want, but you have to specify which of the sessions (users) you want it to show up in.
I know this is old, but I came across it looking for the solution myself so I wanted to update it for future poor souls.
A native workaround for this problem is to use a scheduled task. That will use the active session
function Start-Process-Active
{
param
(
[System.Management.Automation.Runspaces.PSSession]$Session,
[string]$Executable,
[string]$Argument,
[string]$WorkingDirectory,
[string]$UserID
)
if (($Session -eq $null) -or ($Session.Availability -ne [System.Management.Automation.Runspaces.RunspaceAvailability]::Available))
{
$Session.Availability
throw [System.Exception] "Session is not availabile"
}
Invoke-Command -Session $Session -ArgumentList $Executable,$Argument,$WorkingDirectory,$UserID -ScriptBlock {
param($Executable, $Argument, $WorkingDirectory, $UserID)
$action = New-ScheduledTaskAction -Execute $Executable -Argument $Argument -WorkingDirectory $WorkingDirectory
$principal = New-ScheduledTaskPrincipal -userid $UserID
$task = New-ScheduledTask -Action $action -Principal $principal
$taskname = "_StartProcessActiveTask"
try
{
$registeredTask = Get-ScheduledTask $taskname -ErrorAction SilentlyContinue
}
catch
{
$registeredTask = $null
}
if ($registeredTask)
{
Unregister-ScheduledTask -InputObject $registeredTask -Confirm:$false
}
$registeredTask = Register-ScheduledTask $taskname -InputObject $task
Start-ScheduledTask -InputObject $registeredTask
Unregister-ScheduledTask -InputObject $registeredTask -Confirm:$false
}
}
When you use New-PSSession and then RDP into that same computer, you're actually using two separate and distinct user login sessions. Therefore, the Notepad.exe process you started in the PSSession isn't visible to your RDP session (except as another running process via Task Manager or get-process).
Once you've RDP'd into the server (after doing what you wrote in your post), start another Notepad instance from there. Then drop to PowerShell & run this: get-process -name notepad |select name,processid
Note that there are two instances, each in a different session.
Now open up Task Manager and look at the user sessions. Your RDP session will probably be listed as session 1.
Now quit Notepad and run get-process again. You'll see one instance, but for session 0. That's the one you created in your remote PSSession.
There are only 2 workarounds that I know of that can make this happen.
Create a task schedule as the logged in user, with no trigger and trigger it manually.
Create a service that starts the process with a duplicated token of the logged in user.
For the task schedule way I will say that new-scheduledtask is only available in Windows 8+. For windows 7 you need to connect to the Schedule Service to create the task like this (this example also starts the task at logon);
$sched = new-object -ComObject("Schedule.Service")
$sched.connect()
$schedpath = $sched.getFolder("\")
$domain = "myDomain"
$user="myuser"
$domuser= "${domain}\${user}"
$task = $sched.newTask(0) # 0 - reserved for future use
$task.RegistrationInfo.Description = "Start My Application"
$task.Settings.DisallowStartIfOnBatteries=$false
$task.Settings.ExecutionTimeLimit="PT0S" # there's no limit
$task.settings.priority=0 # highest
$task.Settings.IdleSettings.StopOnIdleEnd=$false
$task.settings.StopIfGoingOnBatteries=$false
$trigger=$task.Triggers.create(9) # 9 - at logon
$trigger.userid="$domuser" # at logon
$action=$task.actions.create(0) # 0 - execute a command
$action.path="C:\windows\system32\cmd.exe"
$action.arguments='/c "c:\program files\vendor\product\executable.exe"'
$action.WorkingDirectory="c:\program files\vendor\product\"
$task.principal.Id="Author"
$task.principal.UserId="$domuser"
$task.principal.LogonType=3 # 3 - run only when logged on
$task.principal.runlevel=1 # with elevated privs
# 6 - TASK_CREATE_OR_UPDATE
$schedpath.RegisterTaskDefinition("MyApplication",$viztask,6,$null,$null,$null)
Creating a service is way more complicated, so I'll only outline the calls needed to make it happen. The easy way is to use the invoke-asservice script on powershell gallery: https://www.powershellgallery.com/packages/InvokeAsSystem/1.0.0.0/Content/Invoke-AsService.ps1
Use WTSOpenServer and WTSEnumerateSessions to get the list of sessions on the machine. You also need to use WTSQuerySessionInformation on each session to get additional information like username. Remember to free your resources using WTSFreeMemory and WTSCloseServer You'll end up with some data which looks like this (this is from the qwinsta command);
SESSIONNAME USERNAME ID STATE
services 0 Disc
>rdp-tcp#2 mheath 1 Active
console 2 Conn
rdp-tcp 65536 Listen
Here's an SO post about getting this data; How do you retrieve a list of logged-in/connected users in .NET?
This is where you implement your logic to determine which session to target, do you want to display it on the Active desktop regardless of how it's being presented, over RDP or on the local console? And also what will you do if there is no one logged on? (I've setup auto logon and call a lock desktop command at logon so that a logged in user is available.)
You need to find the process id of a process that is running on the desktop as that user. You could go for explorer, but your machine might be Server Core, which explorer isn't running by default. Also not a good idea to target winlogon because it's running as system, or dwm as it's running as an unprivileged user.
The following commands need to run in a service as they require privileges that only system services have. Use OpenProcess to get the process handle, use OpenProcessToken to get the security token of the process, duplicate the token using DuplicateTokenEx then call ``CreateProcessAsUser``` and finally Close your handles.
The second half of this code is implemented in invoke-asservice powershell script.
You can also use the sysinternals tool psexec, I didn't list it as a 3rd way because it just automates the process of creating a service.