I have a script which I have to run frequently, but the exact moment is user-driven so I cannot use a scheduled task etc.
This script has to run with Admin-privileges (my account already has admin rights) so I cannot simply launch the script.
Is there anye way to "self-elevate" this script?
very simple example:
ECHO "I would like to have admin rights to recycle the app-pool"
pause
There is no way of self-elevation. But you are quite close to the solution. Create a task with the scheduler and then trigger it with another bat file like this:
SCHTASKS /U "user name" /P "password" /TN "Yourtaskname"
Or you can give a normal user the rights to run a task and skip /U "user name" /P "password".
Related
We are trying to execute a powershell script that will import a scheduled task to non domain and domain joined computers in our organization. The task is simply to disable wifi adapter when an ethernet cable is connected. I exported the task as a .xml and then can get the task to run as admin and complete successfully. However when we attempt to run logged in as normal user, the UAC box pops up asking for admin username and password. I created the task as both domain admin and local admin accounts and tried both, with same result when running the .bat as normal user.
This is my script so far (I have no previous experience in writing powershell):
Copy-Item -Path D:\WiFi -Destination C:\PCM\Utils -Recurse;
schtasks /create /tn "Ethernet On-Disable Wifi" /xml "C:\PCM\Utils\WiFi\Ethernet On-Disable Wifi.xml" /ru Domain\admin /rp domainpw;
schtasks /create /tn "Ethernet Off-Enable Wifi" /xml "C:\PCM\Utils\WiFi\Ethernet Off-Enable Wifi.xml" /ru Domain\admin /rp domainpw;
*
I'd like to be able to run this as %computername%\localadmin as that account is on all laptops...
The first line copies a folder with the .xml from a thumb drive to a folder on laptop. Then it creates the tasks. If I am logged into the laptop as admin, the batch runs fine, but as a local user, it fails with the following:
Error Image
Basically, it copies the folder fine, then ERROR: Access is denied.
I'm pretty sure its because the user logged in does not have rights to create the task. Is there a way to have the task run as localadmin and complete?
We run this .bat file to fire off the .ps1 from the folder that gets copied to laptop.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& 'D:\WifiTask\WifiTask.ps1'"
pause
Sorry if the description of this issue is vague or confusing, just trying to learn as I go....thanks
No, a normal user will not be able to create a system scheduled task without getting prompted for elevation by UAC.
For domain computers, you could try:
Group policy to create the scheduled task
Group policy to run your script as the local system user
Script that connects to computers as Admin user and pushes your xml and wifitask.ps1 like Invoke-Command
Off-domain PCs are more difficult, you would want to do it the same way you currently install other software. Manually run as-admin? Software deployment agent? Remote management tools?
I am trying to schedule a script to run when I'm not present at my computer. The script has to run with administrator rights AND run in the foreground so that I can see any message or window that is created when I get back to the computer.
The problem is that scheduled system scripts run in the background, this resulting in no visible window or console to show me any results.
here is the command i use to create my scheduled task (using powershell):
SchTasks /Create /SC ONIDLE /I 1 /TN MyScheduledTask /TR "Powershell scheduler.ps1" /RU "System"
All I need is some way to make some (or all if that's easier) of the commands in the script to become visible in the foreground to the user.
Thanks for any feedback.
When running scheduled tasks under the system account, they will run in the background.
You are running the task under System, /RU "System" use /RU with your username and /RP for your user password.
Please also take a look at this question: Powershell Task Scheduler Stuck Running
Hopefully a nice simple question but I haven't been able to find the solution online. How do I enable the option Run task as soon as possible after a scheduled start is missed via a command line schtasks /create.
The documentation does not seem to show this option as a command line option and neither does the documentation when using schtasts /create /?.
Over in the technet forums, this recommendation was posted:
As a suggestion, when I've come across missing parameters for this
I've made a task manually with the properties I want, exported to XML
and then I create the task with something like this: schtasks /create
/TN "My New Task Name" /xml "C:\TEMP\My Saved Task.xml" /RU
DOMAIN\username /RP password
According to documentation, get-scheduledjob only returns scheduled jobs where owner is the current user. Other scheduled job commandlets like set-scheduledjob also only work for scheduled jobs where owner is current user. This makes it impossible for non owners to get job status, modify the job (such as setting other credentials), etc.
In a proper IT organization, I'm going to say its crucial for these jobs to allow adminstration from various administrators.
Am I missing some way to administer, review results, etc (other than looking directly at the powershell output files in the owner's appdata)?
To clarify - I'm looking for a method to work with Powershell created and administered ScheduledJobs. If you modify the scheduled task that executes the scheduled job through the UI, schtask or other scheduled task specific tool, you'll get unexpected results. If you change owner/credentials, the scheduled task will fail. You can use UI/schtasks to change schedule without causing any problems. In addition to changing owner, I want to get at the results of get-job in order to monitor the jobs progress.
The only way I have ever been able to get this to work using Powershell was by invoking the schtask.exe utility:
Note: "/U" is for local administration and "/RU" is for remote administration, also "/S" is not needed with working locally.
Create by importing an XML previously exported from Task Scheduler
[string]$string = 'schtasks.exe /create /RU yourdomain\username /RP $password /TN Task-Name /XML "D:\Path\To\ExportedXML.xml" /S ServerName'
Delete:
[string]$string = 'schtasks.exe /delete /RU yourdomain\username /P $password /TN Task-Name /S ServerName /F'
Query:
[string]$string = 'schtasks.exe /query /RU yourdomain\username /P $password'
Run Locally:
Invoke-Expression -Command $string
Run Remotely:
Invoke-Command -ScriptBlock {$string}
I've written a few PowerShell scripts for managing scheduled tasks (they use the TaskService COM object):
Rename Scheduled Tasks in Windows 7, Windows Server 2008, and Windows Vista
How-To: Use PowerShell to Report on Scheduled Tasks
Updating a Scheduled Task's Credentials
Bill
I have a batch file that creates a scheduled task using schtasks like this:
schtasks /create /tn my_task_name
/tr "...\my_path\my_task.bat"
/sc daily
/st 10:00:00
/s \\my_computer_name
/u my_username
/p my_password
It works OK except the fact that when my_task.bat is executed - a new command line window is opened (and closed after execution).
I would like to avoid opening this new window (i.e. to run the task in quiet mode, in the background).
I thought to use
start /b ...\my_path\my_task.bat
but I don't know how, because since I have to call start from the batch file I need to precede it with cmd /c, which again causes the new window to open.
How could I solve this problem ?
You can do this by specifying /RU option for schtasks. This option
specifies the user account (user
context) under which the task runs.
For the system account, valid values
are "", "NT AUTHORITY\SYSTEM" or
"SYSTEM".
And thus, try this
schtasks /create /tn my_task_name
....
/st 10:00:00
/ru "SYSTEM"
....
You can use the Windows Shell Scripting extensions to execute a batch file in invisible mode.
Create a plain text file and name it <scriptname>.vbs
Paste the following code in the .vbs file
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run chr(34) & "C:\Batch Files\syncfiles.bat" & Chr(34), 0
Set WshShell = Nothing
Change the name and path of you batch file according to your need
Save the .vbs file and schedule the same in schtasks