Solved

How do I get Windows 7 program elevation to work in Task Scheduler?

Posted on 2010-08-25
15
2,381 Views
Last Modified: 2012-05-10
We have a network program that requires an admin account to run. We've used Task Scheduler to create a task with elevated credentials to run on a standard user account. We get the following error after we've entered the admin account information just as the task is about to be created:
"Task scheduler cannot create the task.  The user account is unknown, the password is incorrect, or the user does not have permission to create this task."

We can create the task if we start Task Scheduler as an admin, but that doesn't work for the users as they get an "ERROR: Access is denied." message when executing the task.

The network program works fine if the PC is logged in as an admin account.

Other than terminating UAC, do we have any options?
0
Comment
Question by:Caprica
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +1
15 Comments
 
LVL 6

Expert Comment

by:zkrieger
ID: 33527198
after you create the task, right click and open its properties page. on the bottom is a check box for "run with highest privileges"

if you want a task that anyone can run, set the user account to "system" and also check the run with highest privileges box.
0
 

Author Comment

by:Caprica
ID: 33527281
I can create a task as a regular user without elevated privileges. When I check "run with highest privileges" I get a prompt to enter the admin user and password, immediately after this is entered the same error is reported:

"Task scheduler cannot create the task.  The user account is unknown, the password is incorrect, or the user does not have permission to create this task."
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 33527307
Are you using Windows 7 Pro? (I think you should be). And does your computer have a proper password on the userid?   Don't forget that in stock Windows 7, the administrators account is disabled, so do not use it. Do not enable it.  Use instead the first account created when you installed Windows 7. That will be a member of the administrators group. You need one such account. ... Thinkpads_User
0
SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

 

Author Comment

by:Caprica
ID: 33527312
This is Windows 7 Enterprise and it's a domain user account and a domain administrator account we're using. I'm beginning to wonder if task elevation is only for the local machine and not for network programs across a domain.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 33527330
Thanks for the update on the Windows version. First make sure there is a local administrator account on the computer (but not "administrator"). Then see if that works for Task Scheduler. That is how I see it working in the articles that present it.

Another possibility is to look at UAC Trust Shortcut at http://www.itknowledge24.com/ . This works, but seems to need a service running and also I do not know how it works on a domain. I am trying it out currently and have not explored all the ramifications. ... Thinkpads_User
0
 
LVL 6

Expert Comment

by:zkrieger
ID: 33527351
recall that any domain account thats going to be used that way will require the login as a service right.
if you dont want to deal with that, run as the SYSTEM user. there is no password for that account.

it sounds more as if your domain admin is not being added to the local admins group via policy.
0
 

Expert Comment

by:trimeche_hafedh
ID: 33527385
Deactivate UAC
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 33527386
If it is a user machine, UAC should NOT be de-activated.   ... Thinkpads_User
0
 

Author Comment

by:Caprica
ID: 33527638
Thank you for all your suggestions. I will have another look at the system in the morning, it's at the office. This machine is a trial for the deployment of Windows 7 in our firm and turning off UAC would be against our policies. Unfortunately, we have older programs that need to be supported so we need to go through this process.
0
 

Author Comment

by:Caprica
ID: 33536929
I've tried some of your suggestions and the problem lies with the domain user account's inability to create a task to " Run with highest privileges". The task can be created if logged in as a domain admin, but then the user can't see the task to execute it.

Is there an AD policy that gives an account permission to create and run elevated tasks?
0
 
LVL 6

Expert Comment

by:zkrieger
ID: 33538065
hmm if its possible i believe it will have side affects you dont want, such as the user having at least local admin rights. im by no means an authority on the some 20,000? possible group policy options so maybe someone else can help you there.

if you just need something people can "run" at need, i would look at something scripted that stores the hashed elevated password.

http://mcpmag.com/articles/2005/09/19/the-invisible-administrator.aspx
might help you with that.
0
 

Author Comment

by:Caprica
ID: 33591778
Thanks for the suggestion but I don't want to use a third party tool to mess around with our passwords. Surely there's a way for Windows 7 to allow a regular user to run an elevated task - otherwise what's the point of elevating the task?
0
 
LVL 95

Accepted Solution

by:
John Hurst earned 500 total points
ID: 33592245
Use the UAC shortcut tool to create a shortcut on the desktop. You can do it, then user can run the task by double clicking the shortcut. The downside (which will be fixed according to the author) is that the shortcut service needs to run and it require a click to allow it. This is a bit of an annoyance, but will allow shortcuts to run.

... Thinkpads_User
0
 

Author Closing Comment

by:Caprica
ID: 33696166
I was hoping for a native Win7 solution, but this will do the job for now.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 33696292
Thank you. I, too, am waiting for a native Windows 7 solution. ... Thinkpads_User
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question