Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 366
  • Last Modified:

Secure a scheduled task? Third party software maybe?

Hi,
Does anyone know a way of locking down a scheduled task so that no one locally can modify or delete it?  (WinXPPro and W2KPro)  I can create a scheduled task on all of my users workstations but I can't seem to find a way to stop the users from deleting it or modifying it.  
If there is no way of doing this is the OS...does anyone know of a peice of third party software that can do this?
Any help would be greatly appreciated.  If  could offer more points on this I would because I have a feeling this is a doozy of a question.  :)
Thank you in advance
0
AFAIT
Asked:
AFAIT
  • 6
  • 4
  • 2
1 Solution
 
inbarasanCommented:
Dear AFAIT,
Only the users part of Administartor group can modify/add/delete Scheduled tasks. So if you restrict this then you can lock users doing anything on the tasks

Cheers!
0
 
AFAITAuthor Commented:
Sorry...I forgot to mention a big peice of the puzzle...my users are all members of the local admin group...  So this won't work.
0
 
inbarasanCommented:
AFAIT,
Then you may do this way. Schedule tasks on a server in which users can't login and remotly execute the commands from the server on your client systems
You can download psexec.exe freeware tool from www.sysinternals.com This tool is part pstools package.

Check whether this idea works
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
_iskywalker_Commented:
I fear you should create another group of admins, which doesnt have that much power. Since Admins should be able to do everything.
Every program you install they can deinstall, or change permissions for doing it. So you must bind them to a sandbox, so you have more
rights them they have. i think in windows you can modify also which program which users can open, but if they have admin rights they can change it.
Maybe a program installed in the registry which would start on start up, and run all time, keeping and monitoring the tasks (or even starting these tasks) could be a solution, but it would be like a trojan, when they discover, au revoir solution.
0
 
AFAITAuthor Commented:
inbarasan,
I never really thought of doing it this way (server-side push)...though it might work.  Basically I want to create a batch file that checks to see when the last time was that a user logged off and if it was more than a set number of days, it will tell them to log out.  I kind of like the idea of having a server-side push of this task but I would have to get a list of all workstations and somehow pass that to the batch file...I will look into this and see what I can do and get back.  ...may cause more network traffic than I am willing to allow for this...only one way to find out.  :)

iskywalker,
Although I really appreciate your thoughts, I am not so sure that the new group suggestion would work...I cannot get into changing rights of the local admin group at this moment.
0
 
_iskywalker_Commented:
well the idea of inbarasan is interesting, the list of host is easy, you should just make a command to log in and tell the name of the computer.
The problem the users can still block the port of the service. since they are still admin. You must act like a trojan, since you must pass through their confidence.
0
 
AFAITAuthor Commented:
Before the scheduled task is executed on the server, it needs the computer list...so wouldnt I need to create another scheduled task to query AD for all computers and redirect that to a text file?  Then pass the text file to the scheduled batch file?
0
 
inbarasanCommented:
net view

Execute this command then you will receive updated list of computers
0
 
AFAITAuthor Commented:
...Is there a way of using net view for a specific OU and sub OUs of that one?
0
 
inbarasanCommented:
Actually Net view will get a list of all the computers which you can see in Network neibourhood. You may look at dsquery tool to query against OU's and take the list.
0
 
AFAITAuthor Commented:
Awesome, I will look at that and get back.  Thank you very much for your help.
0
 
AFAITAuthor Commented:
You were a huge help inbarasan!
Thank you!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now