asked on

Windows 2012 Task Scheduler won't run CMD script properly using a specified user account

I have a problem where the Windows 2012 Task Scheduler won't run a CMD script properly using a specified user account (user A), but will run properly using another user account (user B). I specifically include the word 'properly' because in the first instance, the script runs successfully as user A (according to the Last Run Result), it creates a 0 byte log file and then quits without writing output to the log file. Same thing when I run the script using the local system and administrator accounts ... 0 byte log file and no output. Yet, when I run the same script as user B, it works perfectly fine, writing output to the log file. I know it may sound like permissions, but it's not, as both user accounts have the exact same permissions and the 'Log on as a batch job' right. In Windows 2003 server, the same script runs fine as both users, and as local SYSTEM and local administrator. The log file get's written to a local folder at c:\dss\syncscripts.

On the 2012 system, I can run the script directly by double-clicking it, and it works fine for any account that has permissions on the folder and "log on as batch job" rights.

Anyone have any pointers?

Thanks.

PJ.

Justin Owens

Check the "Effective Permissions" on that folder in which the file is being written and make sure that both User A and User B have the same effective permissions..... Please report back....

DrUltima

Brad Bouchard

Try setting the action for your Scheduled Task as the generic (Command Prompt in the case of a command or batch file as an example) application/program, and then add in arguments that point to the actual path of the file/app you're trying to run. See my screenshot for reference.

McKnife

Please start a command shell using the credentials of administrator or user A and start your script from there - issues?

citpaj

ASKER

Effective permissions for user A and user B are shown in the attached print-sceens. Effectively the same.

Paul.
User-A-effective-access.PNG
User-B-effective-access.PNG

citpaj

ASKER

Brad. I tried your 'Start a program' settings, of including the application/program in 'Program/Script' and the required parameters in 'Add arguments' (see attached). Still did not work.

Paul.
Start-a-program-settings.PNG

citpaj

ASKER

McKnife. I tried using run-as Administrator to run the script. The behaviour is that it runs, creates a 0 byte log file, and then doesn't write the detail out to the log file. Essentially the same as when I use 'Run' in Task Scheduler. Microsoft told me yesterday that the behaviour is due to "Session Zero Isolation" not allowing the scheduled task to run as a user other than the user currently logged, because the task interacts with the desktop (that is, it pops up a CMD shell where you can see output while it runs). The say that "Session Zero Isolation" prevents processes from interacting with session zero (which is my interactive RDP session on the server).

If that's the case then it seems to me that with Windows 2008 R2 and Windows 2012 R2 (which have "Session Zero Isolation"), they have effectively killed the ability to run processes that run as another user, which interact with the desktop.

They'll be calling today to do some further work on this. I'll update the post later.

Paul.

McKnife

> tried using run-as Administrator to run the script
That is not what I recommended. You should start the command shell as another user using runas.exe.

ASKER CERTIFIED SOLUTION

citpaj

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial