Create Scheduled task - run as logged on user

I’m creating a Scheduled task from SCCM as follows
$Action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NonInteractive -NoLogo -NoProfile -File `"$env:windir\UserCustomisations.ps1`""
$Trigger = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName 'CBC User Customisations' -Description 'Created by SCCM Build. Runs at logon under users own credential to run user specific customisations'

This is fine BUT I want it to run under user context at logon time. I found an article about changing (manually) the run as to the “users” group and that appears to work, but what I can’t do is to get that name into the PowerShell cmd. I’ve tried saying -user 'Users' and 'Builtin\Users' but PS just throws up an error - I assume because it’s looking for a user rather than a group. Any thoughts?

As near as I can tell, the PowerShell cmdlets just weren’t coded with this capability. You might just try using good ol’ SchTasks.exe. It’ll run fine in PowerShell.

Here’s a quick example that will create a scheduled task that will run notepad in the context of the logged on user and then delete itself:

$action = New-ScheduledTaskAction -Execute "notepad.exe"
$trigger = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -UserId (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName)
$task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal
Register-ScheduledTask Notepad -InputObject $task
Start-ScheduledTask -TaskName Notepad
Start-Sleep -Seconds 5
Unregister-ScheduledTask -TaskName notepad -Confirm:$false

Here’s the code that runs the necessary task on any user’s log on. This is direct COM programming, so it works on Windows versions previous to 10 that are incompatible with New-ScheduledTaskAction etc commands as well.

$ShedService = New-Object -comobject 'Schedule.Service'
$ShedService.Connect('Computer_Name', 'User_Name', 'Domain_Name', 'Password')

$Task = $ShedService.NewTask(0)
$Task.RegistrationInfo.Description = 'Description goes here'
$Task.Settings.Enabled = $true
$Task.Settings.AllowDemandStart = $true

$trigger = $task.triggers.Create(9)
$trigger.Enabled = $true

$action = $Task.Actions.Create(0)
$action.Path = 'C:\Path\To\file.exe'
$action.Arguments = '-arguments -if -any'

$taskFolder = $ShedService.GetFolder("\")
$taskFolder.RegisterTaskDefinition('Task_Name', $Task , 6, 'Users', $null, 4) 

To schedule a task on localhost simplify the Connect() method:

$ShedService.Connect()

In this expression

$trigger = $task.triggers.Create(9)

9 - at user logon,
Other triggers, like daily, monthly etc are listed here.

$ShedService.GetFolder("\") - is Task Scheduler’s root folder, you change that if your task needs to be in a custom one.

$taskFolder.RegisterTaskDefinition('Task_Name', $Task , 6, 'Users', $null, 4)

6 is a bitmask to create a new task or update an existing one. $null - we don’t need a password if we use a group; generally this and the previous argument correspond to /RU and /RP in schtasks.exe, which is the ‘run as user’ context. And 4 stands for ‘TASK_LOGON_GROUP’; this is crucial for assigning the task to a user group, you’ll get exceptions otherwise. Other options are listed here.

This script is perfect, well almost. Can I use it to create a scheduled task with multiple triggers? I’d like to add a trigger so the task runs when it is registered, in addition to running at each user login.
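
One way to do what the last post asks, as an added example that is not part of the original thread or any poster's code: the COM approach above with a registration trigger next to the logon trigger, the Users group resolved from its well-known SID, and the run level pinned to least privilege. The task name is a placeholder and the script path is the one from the first post.

```powershell
# Added example. Task name is a placeholder; values below are Task Scheduler 2.0 enum constants.
$TASK_TRIGGER_REGISTRATION = 7   # fires once when the task is registered
$TASK_TRIGGER_LOGON        = 9   # fires at logon of any user (UserId left empty)
$TASK_ACTION_EXEC          = 0
$TASK_CREATE_OR_UPDATE     = 6
$TASK_LOGON_GROUP          = 4
$TASK_RUNLEVEL_LUA         = 0   # least privilege: task never gets an elevated token

$taskName   = 'Example User Customisations'                   # placeholder
$scriptPath = Join-Path $env:windir 'UserCustomisations.ps1'  # path from the first post
$psExe      = "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe"

# Resolve BUILTIN\Users from its well-known SID so the name is right on localized Windows
$usersSid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$usersGroup = $usersSid.Translate([System.Security.Principal.NTAccount]).Value

$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()               # local machine

$task = $service.NewTask(0)
$task.RegistrationInfo.Description = 'Per-user customisations at logon and once at registration'
$task.Settings.Enabled   = $true
$task.Principal.RunLevel = $TASK_RUNLEVEL_LUA

# Triggers is a collection: every Create() call appends another trigger to the same task
foreach ($type in $TASK_TRIGGER_LOGON, $TASK_TRIGGER_REGISTRATION) {
    $t = $task.Triggers.Create($type)
    $t.Enabled = $true
}

$action = $task.Actions.Create($TASK_ACTION_EXEC)
$action.Path      = $psExe       # full path, so no search-path lookup is involved
$action.Arguments = "-NonInteractive -NoLogo -NoProfile -File `"$scriptPath`""

$folder = $service.GetFolder('\')
$null = $folder.RegisterTaskDefinition($taskName, $task, $TASK_CREATE_OR_UPDATE, $usersGroup, $null, $TASK_LOGON_GROUP)

# Read the registration back and confirm principal, run level and trigger types
$registered = $folder.GetTask("\$taskName").Definition
[pscustomobject]@{
    GroupId  = $registered.Principal.GroupId
    RunLevel = $registered.Principal.RunLevel
    Triggers = @($registered.Triggers | ForEach-Object { $_.Type })
}
```

Because every user who logs on executes the same file, check that the script's ACL grants write access to administrators only.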