hypercube asked:

Creating Windows Task Scheduler tasks - ruleset for reliable operations

After using Windows Task Scheduler for years, it occurs to me that perhaps I've missed what should be core guidance.  So where to find:
"How to construct Task Scheduler tasks so they will run reliably?"
- when user is logged on or NOT?
- with a user profile user?
- with SYSTEM?
etc.
I've usually been able to find a combination that works by hit and miss.
But I'd like to be better educated.

Or, are there better and more flexible schedulers?
ASKER CERTIFIED SOLUTION
Kaibuk

ASKER

Krzysztof Kubiak:  

The small set of computers that have my focus right now are running, for the most part, as appliances.  
But even so, I can't always guarantee what the logon will be, if any.
The machines had been getting automatically rebooted a couple of times a day with a Task Scheduler initiated script in order to get other things done but also served to rather assure that there would be a particular logon by using autologon at reboot.

My interest has been driven recently because it is not any longer possible to autologon.  Whether this is a recent Windows 10 "feature" or it comes along with joining our new domain, I'm not sure.  Even the sysinternals autologon program doesn't work any more - even though the config runs and appears to accept the settings, it doesn't achieve the autologon.  I had been using autologon via netplwiz to assure that the right user was logged on and had been using reboots to change permissions.  That worked for years ... but no more it seems.

This is for a few machines but each  instance is for a single machine.

A task that would run *independent* of who is logged on, or if any logon is active, would be ideal.  Thus "Run whether logged on or not" would do it - assuming it would work unto itself.  But that mode has limitations that are generally not mentioned:

Some of the tasks are perforce "interactive" even though no interaction is required.  That stops "Run whether logged on or not".  And, that sort of thing is why I'm looking for a rule set and not random solutions.  Even so, the small app you suggested is quite intriguing - although that one link doesn't seem to work, I found it at:
https://blog.cjwdev.co.uk/2012/12/18/managed-service-accounts-gui-1-5-released/

As far as:
https://www.windowscentral.com/how-create-automated-task-using-task-scheduler-windows-10?amp
This seems to cover the basics of using Task Scheduler.  The issues I'm facing go beyond it.

Thanks for the suggestions!

I understand. Of course the link I provided is a very basic setup guide but you need much more.

I'm running tasks on Windows 10 / Server 2012 and 2016 every day and they are working now. But I also had issues thanks to the lovely feature UAC.

I set the tasks to run with highest permissions so they will run with elevated permissions, and in group policy I made sure that the option "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" is set to "Elevate without prompt".
Of course the account which is running it needs to be local admin on the machine, but at least this setting will not block the task from running if UAC switches on or sets itself too high due to some security patches or other misconfigured policies.

How are you using UAC on the machines?

How are we using UAC?  Nothing special such as Admin Approval Mode that you mention.

If I understand, which isn't all that likely, you are using the built-in Administrator as the Task user account and the Admin Approval Mode (which applies to that user) is set to Elevate without prompt.

Another thing which we haven't touched on:
What is the Configure for: OS set to?  I see Windows Vista, Windows Server 2008 being used and being mentioned as an example.  I've been using Windows 10 in this pulldown.    I recall long ago that this selection could matter. Gets to "rules" again.....

Yes, this example shows Windows 7, but it doesn't matter much, as UAC in Windows 10 got more painful to deal with than Windows 10; however, the group policies didn't change much.

In Windows 10, UAC will block your scripts and tasks from running if it's not set correctly. To avoid any issues I suggest running your tasks with elevated permissions and making sure no pop-up will block them.

We stopped using UAC as it's pretty much useless and moved to CyberArk EPM, which provides you with much more advanced options to set what can be run with privileged access and what not.

What errors are you getting on the tasks which didn't run successfully?

I don't recall getting any errors .... it's been years since I worked on the setup; so no recent logs - that is, until just recently.  Now it's more about getting scripts to run independent of which user might be logged on; if any user.

I set this up to work this way so there are plenty of log entries.  There are about 20 tasks that are scheduled and do this:
- Start a .bat script
- write taskname and "start" "date/time" to a logfile.
- launch another .bat file which starts an application program
  [the application program reasonably appears as if it's an interactive program so there must be a logged on user or the task won't run]
- The application program starts by running a .bat file that logs IT has started.
- The application program does its work
- The application program finishes its work and runs a .bat file that logs it's ended (ending really).
- The application program sends an email and exits.
So, I can tell if it was triggered to start by the first log entry, if it ran and if it ended by the two succeeding log entries (and when).
The application program also keeps a log so I can generally correlate the lack of a task ending in both sets of logs.
But, the real problem is getting them to START!

This question is tangential to this objective in that I've not been able to find any rules for the Task Scheduler entries and what they do.  I'd rather know what I'm dealing with so thought I'd ask.
I think the MSA approach is the right thing to pursue.  Thanks!
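
One way to check which existing tasks depend on a logon session, and to register a task under a managed service account as discussed in the thread (an added PowerShell example, not code from any poster). The task name, script path and account `CONTOSO\svc-tasks$` are hypothetical, and it assumes the gMSA is already installed on the machine and holds the "Log on as a batch job" right.

```powershell
# Run from an elevated PowerShell session (ScheduledTasks module, Windows 8 / Server 2012 or later).

# 1. Audit: which existing tasks can only start inside a logged-on session?
function Get-TaskLogonAudit {
    param([string]$TaskPath = '\')
    Get-ScheduledTask -TaskPath $TaskPath | ForEach-Object {
        $info  = $_ | Get-ScheduledTaskInfo
        $logon = [string]$_.Principal.LogonType
        [pscustomobject]@{
            TaskName       = $_.TaskName
            RunAs          = $_.Principal.UserId
            LogonType      = $logon
            RunLevel       = [string]$_.Principal.RunLevel
            # These logon types need the user's session; the rest start with nobody logged on.
            NeedsSession   = $logon -in 'Interactive', 'InteractiveOrPassword', 'Group'
            LastRunTime    = $info.LastRunTime
            LastTaskResult = '0x{0:X}' -f $info.LastTaskResult
            MissedRuns     = $info.NumberOfMissedRuns
        }
    }
}

# 2. Register a task that starts whether or not anyone is logged on, under a gMSA.
function Register-UnattendedTask {
    param(
        [Parameter(Mandatory)][string]$TaskName,
        [Parameter(Mandatory)][string]$ScriptPath,      # .bat wrapper that logs start/end
        [Parameter(Mandatory)][string]$ServiceAccount,  # form: 'DOMAIN\name$'
        [string]$At = '02:00'
    )
    $action    = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$ScriptPath`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At $At
    # For a gMSA, LogonType Password means AD supplies the credential; none is typed in here.
    # RunLevel Limited keeps the task unelevated; use Highest only if the job truly needs it.
    $principal = New-ScheduledTaskPrincipal -UserId $ServiceAccount -LogonType Password -RunLevel Limited
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -MultipleInstances IgnoreNew `
                     -ExecutionTimeLimit (New-TimeSpan -Hours 1)
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings
}

# Hypothetical values, not from the thread.
Get-TaskLogonAudit | Sort-Object NeedsSession -Descending | Format-Table -AutoSize
Register-UnattendedTask -TaskName 'Nightly-Job' -ScriptPath 'C:\Scripts\job-start.bat' `
    -ServiceAccount 'CONTOSO\svc-tasks$'
```

A task registered this way runs non-interactively with no visible desktop, which is the limitation of "Run whether logged on or not" raised earlier in the thread.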