![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2018-11-019
Tools
- GUI: taskschd.msc
- CLI: schtasks
Task File 的位置
- C:\Windows\Tasks
- C:\Windows\System32\Tasks
Task scheduled Security Context 與 excel
A scheduled task, by default, runs within the security context of the user who scheduled the task and only runs if that user is logged on when the task is triggered.
If a task is registered using the Administrators group for the security context of the task, then you must also make sure the Run with highest privileges check box is checked if you want to run the task.
Run whether user is logged on or not
"To make a task run interactively, select the Run only when user is logged on radio button."
the task schedulre may not run scripts/tasks, when the Deny log on as a batch job
batch-queue tool
An application like Excel must run in an interactive session. It may work while the server is "locked"
===================
Excel Services which is supposed to make it possible to run Excel as a service using SharePoint, which would allow it to run unattended with nobody logged in.
This has the effect that on server bootup, that user will login as an interactive console session. Unlike RDP sessions, this is permanent and makes Excel happy.
dcomcnfg
DCOM Config -> microsoft excel application
Properties -> Identity
Log on as batch job
secpol.msc (本機安全性原則)
Computer Configuration->Policies->Windows Setting->Security Settings->Local Policies->User Rights Assignment->Log on as a batch job
The reason being, UAC is preventing the membership of the Administrators group having any affect, without prior elevation. This is by design.
"Run with highest privileges" just tells the task scheduler to elevate the user first before executing the command.
Try writing a file in a directory where 'users' have write permissions, it will work without 'highest privileges'
Background scheduled task
change the User running the task to "SYSTEM", and nothing will appear on your screen.
taskschd.msc
Example: Daily Reboot
# 查看有沒有 shutdown command
cacls C:\Windows\System32\shutdown.exe
# 開始建立 task
taskschd.msc
# Settings:
* 不論使用者登入與否
* Do not store password. The task will only have access to local resources
程式: shutdown.exe 引數: /r /c "Scheduled daily reboot" 位置: C:\Windows\System32 # shutdown.exe 在此位置
CLI - schtasks
Help
schtasks /Create /?
Create Task
schtasks /Create [/S <system> [/U <username> [/P [<password>]]]]
[/RU <username> [/RP <password>]] /SC <schedule> [/MO <modifier>] [/D <day>]
[/M <months>] [/I <idletime>] /TN <taskname> /TR <taskrun> [/ST <starttime>]
[/RI <interval>] [ {/ET <endtime> | /DU <duration>} [/K] [/XML <xmlfile>] [/V1]]
[/SD <startdate>] [/ED <enddate>] [/IT] [/Z] [/F]Opts
/S system
Specifies the remote system to connect to. (Default: local)[與 /U /P 一起使用]
/TR taskrun
A value that specifies the path and file name of the task to be run at the scheduled time.
For example: C:\Windows\System32\calc.exe
/SC schedule
MINUTE, HOURLY, DAILY, WEEKLY, MONTHLY, ONCE, ONLOGON, ONIDLE, and ONEVENT.
/MO modifier # Refines the schedule type
MINUTE: 1 - 1439 minutes. 5 => 每 5 min.
HOURLY: 1 - 23 hours.
/TN taskname
A value that specifies a name which uniquely identifies the scheduled task.
P.S. Folder Name
/TN tim\SyncData
/ST HH:mm
starttime
/SD mm/dd/yyyy
startdate (defaults to the current date)
/NP
No password is stored. The task runs non-interactively as the given user.
Only local resources are available.
/RU username
User context under which the task runs.
For the system account, valid values are
- ""
- "NT AUTHORITY\SYSTEM"
- "SYSTEM"
For Task Scheduler 2.0 tasks,
- "NT AUTHORITY\LOCALSERVICE"
- "NT AUTHORITY\NETWORKSERVICE"
/RP [password]
A value that specifies the password for the user specified with the /RU parameter.
To prompt for the password, the value must be either "*" or no value.
This password is ignored for the system account. This parameter must be combined with either /RU or the /XML switch.
# Changing a Task
schtasks /Change [/S system [/U username [/P [password]]]] /TN taskname
{ [/RU runasuser] [/RP runaspassword] [/TR taskrun] [/ST starttime]
[/RI interval] [ {/ET endtime | /DU duration} [/K] ]
[/SD startdate] [/ED enddate] [/ENABLE | /DISABLE] [/IT] [/Z] }i.e.
# Task Name: sync_data - run "FreeFileSync.exe" at 15:19 daily
schtasks /Create /SC DAILY /ST 13:45 /TN SyncData ^ /TR "'C:\Program Files\FreeFileSync\FreeFileSync.exe' 'C:\BackupTasks\BatchRun1.ffs_batch'"
Remark
在 CMD 時要用兩個 "..." 去執行才成功
"C:\Program Files\FreeFileSync\FreeFileSync.exe" "C:\BackupTasks\BatchRun1.ffs_batch"
# To create a task that runs every 10 minutes every day
schtasks /create ^ /ru task_username /rp task_password ^ /sc minute /mo 10 /tn task_name ^ /tr task_command_line
# Querying for Task Information
# /FO Output format: TABLE, LIST, CSV
schtasks /Query
i.e.
schtasks /Query
Folder: \ TaskName Next Run Time Status ======================================== ====================== =============== OneDrive Standalone Update Task-S-1-5-21 4/29/2020 9:52:24 AM Ready Process Explorer-DESKTOP-???????-tim N/A Running SyncData 4/28/2020 3:19:00 PM Ready Folder: \Microsoft TaskName Next Run Time Status ======================================== ====================== =============== INFO: There are no scheduled tasks presently available at your access level. ...
schtasks /Query | findstr SyncData
SyncData 4/28/2020 3:19:00 PM Ready
# Immediately run a scheduled task
schtasks /Run /TN taskname
i.e.
schtasks /Run /TN SyncData
# Deleting a Task
schtasks /Delete /TN taskname
i.e.
schtasks /Delete /TN SyncData
WARNING: Are you sure you want to remove the task "SyncData" (Y/N)? Y SUCCESS: The scheduled task "SyncData" was successfully deleted.
Run whether user is logged on or not
if you add /RU <username> /RP <password> to the call to schtasks.exe
you will get "Run whether user is logged on or not" selected.
You can also use the /NP instead, which will also give you "Run whether user is logged on or not",
but also "Do not store password..." which will limit the accessible resources.
P.S.
/NP 要 administrator call 才沒有 "ERROR: Access is denied. "
Troubleshoot
[1]
Error message when you run an old scheduled task or a newly created scheduled task
on a Windows Server 2003 Service Pack 2-based domain controller: "0x8007000d: The data is invalid"
[Fix] 清除所有 jobs
net stop schedule
cd %windir%
attrib -s tasks
cd tasks
copy sa.dat sa.dat.bak
del sa.dat
net start schedule
