Solved

Secure a scheduled task? Third party software maybe?

Posted on 2006-11-06
12
356 Views
Last Modified: 2008-03-06
Hi,
Does anyone know a way of locking down a scheduled task so that no one locally can modify or delete it?  (WinXPPro and W2KPro)  I can create a scheduled task on all of my users workstations but I can't seem to find a way to stop the users from deleting it or modifying it.  
If there is no way of doing this is the OS...does anyone know of a peice of third party software that can do this?
Any help would be greatly appreciated.  If  could offer more points on this I would because I have a feeling this is a doozy of a question.  :)
Thank you in advance
0
Comment
Question by:AFAIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17880783
Dear AFAIT,
Only the users part of Administartor group can modify/add/delete Scheduled tasks. So if you restrict this then you can lock users doing anything on the tasks

Cheers!
0
 

Author Comment

by:AFAIT
ID: 17880795
Sorry...I forgot to mention a big peice of the puzzle...my users are all members of the local admin group...  So this won't work.
0
 
LVL 14

Accepted Solution

by:
inbarasan earned 500 total points
ID: 17880839
AFAIT,
Then you may do this way. Schedule tasks on a server in which users can't login and remotly execute the commands from the server on your client systems
You can download psexec.exe freeware tool from www.sysinternals.com This tool is part pstools package.

Check whether this idea works
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Expert Comment

by:_iskywalker_
ID: 17880869
I fear you should create another group of admins, which doesnt have that much power. Since Admins should be able to do everything.
Every program you install they can deinstall, or change permissions for doing it. So you must bind them to a sandbox, so you have more
rights them they have. i think in windows you can modify also which program which users can open, but if they have admin rights they can change it.
Maybe a program installed in the registry which would start on start up, and run all time, keeping and monitoring the tasks (or even starting these tasks) could be a solution, but it would be like a trojan, when they discover, au revoir solution.
0
 

Author Comment

by:AFAIT
ID: 17880908
inbarasan,
I never really thought of doing it this way (server-side push)...though it might work.  Basically I want to create a batch file that checks to see when the last time was that a user logged off and if it was more than a set number of days, it will tell them to log out.  I kind of like the idea of having a server-side push of this task but I would have to get a list of all workstations and somehow pass that to the batch file...I will look into this and see what I can do and get back.  ...may cause more network traffic than I am willing to allow for this...only one way to find out.  :)

iskywalker,
Although I really appreciate your thoughts, I am not so sure that the new group suggestion would work...I cannot get into changing rights of the local admin group at this moment.
0
 
LVL 6

Expert Comment

by:_iskywalker_
ID: 17880957
well the idea of inbarasan is interesting, the list of host is easy, you should just make a command to log in and tell the name of the computer.
The problem the users can still block the port of the service. since they are still admin. You must act like a trojan, since you must pass through their confidence.
0
 

Author Comment

by:AFAIT
ID: 17881035
Before the scheduled task is executed on the server, it needs the computer list...so wouldnt I need to create another scheduled task to query AD for all computers and redirect that to a text file?  Then pass the text file to the scheduled batch file?
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17881057
net view

Execute this command then you will receive updated list of computers
0
 

Author Comment

by:AFAIT
ID: 17881065
...Is there a way of using net view for a specific OU and sub OUs of that one?
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17881107
Actually Net view will get a list of all the computers which you can see in Network neibourhood. You may look at dsquery tool to query against OU's and take the list.
0
 

Author Comment

by:AFAIT
ID: 17881208
Awesome, I will look at that and get back.  Thank you very much for your help.
0
 

Author Comment

by:AFAIT
ID: 17883051
You were a huge help inbarasan!
Thank you!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question