Solved

CMD File Runs Fine By Itself But Not As Scheduled Task

Posted on 2016-08-15
21
55 Views
Last Modified: 2016-08-22
I am having trouble getting a batch file (.cmd) to run as a Scheduled Task on Windows 2k12r2.

I can successfully run the file both in a command prompt & by double-clicking on it, no problem.

In setting up the Scheduled Task, I adjusted both the Domain and Local Group policies to Access the computer from the network, log on as batch job & allow logon locally. (e.g. Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -> Log on as a batch job)      

Furthermore, I logged into the machine as the User so that the User folder would get generated.

I've set it to run whether users is logged in or not. When I run the Scheduled Task manually I get Operational Code (2).

What am I missing here? Anything else for me to check?
0
Comment
Question by:Tessando
  • 9
  • 8
  • 4
21 Comments
 
LVL 14

Expert Comment

by:Edward Pamias
ID: 41757043
are you running this as a basic task with the highest privileges?
0
 

Author Comment

by:Tessando
ID: 41757052
Hi Edward - This was a "New Task" as opposed to a "Basic Task". I've performed the manual running of the Scheduled Task as both "Run with the highest privileges" and not, both of which were unsuccessful. Thanks!
0
 
LVL 14

Expert Comment

by:Edward Pamias
ID: 41757053
Try creating it as a basic task with the highest privileges. See details in the link below.

Click here
0
 
LVL 23

Expert Comment

by:NVIT
ID: 41757064
Event 102 means the task successfully finished. Can you clarify a specific issue you are having?
0
 

Author Comment

by:Tessando
ID: 41757072
Edward - I made a 'Basic Task' with highest privileges and it worked! Now, I did this logged in as the Administrator and when I changed it to the Windows User I need to run the scheduled task under, it failed.

Nvit - When I run the CMD batch file manually it works fine but when I attempt to run it as a scheduled task it does not work. The UI says it ran successfully, but the results don't appear.

I'm guessing this has something to do with that user and/or permissions associated with it. I've added Read & Execute on the folder, as well as the Group Policy described in the original question. Thanks for your help, guys.
1
 
LVL 23

Expert Comment

by:NVIT
ID: 41757081
What results? Let me guess... Maybe your batch expects a drive mapping letter, which may not work, depending on the user account running the task.
0
 
LVL 14

Expert Comment

by:Edward Pamias
ID: 41757086
Make sure the end user has the rights to do what ever the task is doing.
0
 

Author Comment

by:Tessando
ID: 41757095
NVIT - The results are specifically creating a Snapshot in Amazon. The drive letter is only contained in the contents of the Scheduled Task wrt the location of the Batch File, which can communicate directly with Amazon at invocation manually.

Edward - I have gone to the Security Tab of the folder that contains the batch file and given Read & Execute permissions. Does any other place come to mind that I should explicitly add permissions?
0
 
LVL 23

Expert Comment

by:NVIT
ID: 41757097
> The UI says it ran successfully, but the results don't appear.

Make another task, a simple one, to run with the same user account and settings as the problem task.
In this simple task...
- Action
- Program/script: cmd
- add arguments: /c echo hello > "%temp%\test.txt"

This task simply echos a 'hello' line in "%temp%\test.txt"
If that task works and the file "%temp%\test.txt" exists, the issue is in your batch file.

Correction
:
- Add arguments: /c echo hello > "%temp%\test.txt"
0
 

Author Comment

by:Tessando
ID: 41757111
Okay, thank you Nvit. I ran that test, not entirely sure how I can verify if it was successful or not, but both Users did not generate errors for the basic Scheduled Task that you described.

That said, I'm not sure why the batch file works when ran manually but not from the Scheduled Task. So, even if there is something wrong with the batch file, I have no idea what it is. This runs just fine from either login as well.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 23

Expert Comment

by:NVIT
ID: 41757122
> ...not entirely sure how I can verify if it was successful or not
If the file "%temp%\test.txt" exists, the task in itself succeeded. This rules out issues with task scheduler.

If you can post your batch file, we can probably help better. I realize security plays a role. If so, you can edit / replace sensitive information in the batch file.
0
 

Author Comment

by:Tessando
ID: 41757138
AH, okay, thanks for that clarification Nvit. The file did NOT appear at all. I even changed the User from my Windows Scheduled Task user to Administrator (both Domain and local) and did NOT see a text file appear.
0
 

Author Comment

by:Tessando
ID: 41757145
Oh, sorry. I missed that request. Here's the batch file:

aws ec2 create-snapshot --volume-id vol-******** --description "sauto-c"

Open in new window


As you can see, it's pretty simple. Thank you.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 41757166
> The file did NOT appear at all

Then the issue is with running task scheduler. Possibly a security issue, e.g. gpo as you mentioned.
0
 

Author Comment

by:Tessando
ID: 41757169
Thank you, Nvit.

I've added the user to:

Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> “Access to this computer from the Network” AND “Allow logon locally”

and

Computer Configuration-> Windows Settings -> Security Settings -> Local Policies ->User Rights Assignment -> Log on as a batch job

Any other locations that come to mind? Thanks again.
0
 
LVL 14

Expert Comment

by:Edward Pamias
ID: 41757222
This is still going? The basic task was a good start. How did we make out with Nvit's suggestions?
0
 
LVL 23

Expert Comment

by:NVIT
ID: 41757240
> I adjusted both the Domain and Local Group policies...

Assuming your user is in a domain, so you adjusted the Default Domain policy, or whatever is your default domain policy, right?

Still, according to MS at https://technet.microsoft.com/en-us/library/dn221944(v=ws.11).aspx, unless your particular environment was changed, the  "Log on as a batch job" setting should not need to be set.
When an administrator uses the Add Scheduled Task Wizard to schedule a task to run under a particular user name and password, that user is automatically assigned the Log on as a batch job user right.
0
 

Author Comment

by:Tessando
ID: 41765959
Thanks for your patience, guys. I appreciate it. I had other fires to deal with but I'm back on this one. :)

I am able to run the Scheduled Task successfully as a local Administrator, however taking the user and even adding it to the "Domain Admins" and "Administrators" group is failing.

I removed all local GPO's and Nvit was correct in that "Log on as a batch job" automatically propagated, so that's getting somewhere.

Any other further suggestions for auditing this user and their permissions would be helpful. Or, if someone has an example of a user they created that can run Scheduled Tasks, that would be greatly appreciated. Thanks again.
0
 
LVL 23

Accepted Solution

by:
NVIT earned 500 total points
ID: 41765970
I can't see what else at this point. Have you tried a different user? i.e.
1. Logon a different user.
2. Test manually.
3. Logoff.
4. Adjust the task to run as that user. Also set box "Run with highest privileges"
0
 

Author Closing Comment

by:Tessando
ID: 41766161
Okay, I *think* I figured this out & I want to apologize for framing this as a Windows Question. As it turns out, the Windows User that I was using didn't have the Amazon CLI setup properly. Once that was setup (which apparently was setup for the Administrator account) it worked as expected. I'm closing this now and thanking you for hanging in there with me to the end. :)

I can only get this to run as a Scheduled Task when logged in as the Windows User, but I set a run for overnight to test it.

Oh, and I figured this out by logging into the server as the Windows User (per Nvit's suggestion) and couldn't run the script manually.  Thanks again.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 41766411
Glad it worked out, Tessando.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
I have published numerous articles here at Experts Exchange that present programs/scripts written in a language called AutoHotkey. Each of those articles has a brief paragraph describing where to download the product and how to install it. I have al…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now