Fighting PowerShell and Task Scheduler

I’ve run into a very frustrating issue. I’ve written a PowerShell script to create new Scheduled Tasks. I create these with my admin account but specify a service account to run them. Everything works exactly as I need it to except for one irritating issue. I can’t get it to check the box “Do not store password. The task will only have access to local computer resources”. The “Run whether the user is logged on or not” radio button IS checked.

Any advice or suggestions? I am almost there.

Here is my script. (I’ve substituted Notepad for the actual program… it opens fine. Everything works exactly as intended except for that danged checkbox)

$name = Read-Host 'Username'
$pass = Read-Host 'Password'

$action = New-ScheduledTaskAction -Execute 'notepad'

$trigger = New-ScheduledTaskTrigger -Weekly -At 7am -DaysOfWeek Monday

$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 60)

Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'TEST Notepad' -Description 'This just opens notepad' -User $name -Password $pass -RunLevel Highest -Settings $settings

Robert,
Welcome to the forum. :wave:t4:

First: if you only need access to local computer resources, why not use the SYSTEM account instead?
Second: If I’m not wrong you have to store the password if you want to run the task even if the user is not logged on. And you may even add the right to log on as a batch job.

And BTW: When you post code or sample data or console output please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.
Thanks in advance

Hi, welcome to the forum :wave:

You need to use New-ScheduledTaskPrincipal to tick that box. I also used splatting because the command was a bit long.

$user = Read-Host 'Username'

$params = @{
    Action      = New-ScheduledTaskAction -Execute 'notepad'
    Trigger     = New-ScheduledTaskTrigger -Weekly -At 7am -DaysOfWeek Monday
    Settings    = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 60)
    Principal   = New-ScheduledTaskPrincipal -UserId $user -LogonType S4U -RunLevel Highest
    TaskName    = 'TEST Notepad'
    Description = 'This just opens notepad'
}

Register-ScheduledTask @params

I should point out that although the settings are all correct, it didn’t launch Notepad for me. It worked only when I changed the option back to ‘Run only when user is logged on’. Not sure if that’s a Notepad problem or a problem with specifying a user account that way. It didn’t work with SYSTEM or LOCALSERVICE either. YMMV.

It works fine :partying_face:

I think that’s a feature by design. Why should you see the processes from another session?

:man_facepalming:

Thanks @Olaf. I was expecting the Notepad window to pop up. You’re quite right, it’s in a different session so you can’t see the window. The processes were running.

Howdy Olaf.

First, the actual process must run under a service account.
Second, yes, that is correct, but not the issue. I just need that checkbox checked. All rights are set correctly.
And I will make use of the preformatted text button in the future, thank you.

Howdy matt-bloomfield.

That is a brilliant script (you’ve taught me something), but when I run it I get access denied. The error seems to indicate the service account doesn’t have access to a task folder (I will paste below). I need to be able to create this under my administrator user account but specify the service account. I am running PowerShell as administrator. And everything works great under my original script except for that checkbox.

Is there a way to run that New-ScheduledTaskPrincipal and still specify the username and password?

Register-ScheduledTask : Access is denied.
At C:\Scripts\CreateTask\ForumAlt.ps1:16 char:1
+ Register-ScheduledTask @params
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (PS_ScheduledTask:Root/Microsoft/...S_ScheduledTask) [Register-ScheduledTask], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070005,Register-ScheduledTask

Have you elevated your console/ISE/VSCode session (right-click | Run as Administrator)?

You run the script as the user that has local admin permissions (or permissions to register new scheduled tasks), and type the username of the account that will actually run the task at the Read-Host prompt.

Yessir, that’s exactly what I did. ISE, run as admin, under my administrator account, and specified the service account that will actually run the task in the script. Doing that, I get the above ‘access denied’ error. Most likely the service account does not have access to that folder in the message.

I think this might work for me though, as this is part of a process of loading a new machine. As it is, this will at least let me automate creating the actual task; only having to go back and re-enter the credentials on it. So it is a big step forward. I just wish I had a way to do the whole thing in one operation, but that may not be possible with the way our permissions are set up.

I really do appreciate you and Olaf looking at this. Thank you both.

Odd, it works fine for me. Just to check if it’s a problem with the account creating the script, try entering the username as ‘SYSTEM’ or ‘LOCALSERVICE’ for the user that will run the task, they both worked for me.

I did get that error initially but only when I forgot to elevate my session.

SYSTEM and LOCALSERVICE work for me as well. It’s just this service account. It just doesn’t have the folder permissions it needs to create the task. So not a scripting issue but a permissions issue. But… I think this will work for us as is.

Thank you for your help. That logontype parameter is what I think I was missing.
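
Added example, not code from any poster in this thread: a read-back check that the task registered above really carries the "Do not store password" logon type (S4U), which session its process starts in, and which other tasks on the machine keep a stored password. `Get-TaskCredentialMode` is a hypothetical helper name; the task and process names are the thread's test values, and the task is assumed to sit in the root task folder.

```powershell
# Added example; Get-TaskCredentialMode is a hypothetical helper, not a built-in cmdlet.
$taskName = 'TEST Notepad'   # task name used in the thread
$exeName  = 'notepad'        # process started by that task's action

function Get-TaskCredentialMode {
    # Translate a task's principal into what the Task Scheduler UI shows for it.
    param([Parameter(ValueFromPipeline)] $Task)
    process {
        $logon = "$($Task.Principal.LogonType)"
        $meaning = switch ($logon) {
            'S4U'                   { 'Run whether logged on or not; password not stored' }
            'Password'              { 'Run whether logged on or not; password stored' }
            'InteractiveOrPassword' { 'Interactive token if logged on, else stored password' }
            'Interactive'           { 'Run only when user is logged on' }
            'ServiceAccount'        { 'Built-in service account, no password involved' }
            default                 { $logon }
        }
        [pscustomobject]@{
            TaskPath  = $Task.TaskPath + $Task.TaskName
            UserId    = $Task.Principal.UserId
            RunLevel  = "$($Task.Principal.RunLevel)"
            LogonType = $logon
            Meaning   = $meaning
        }
    }
}

# 1. Read the task back and confirm the logon type that was actually registered.
$mode = Get-ScheduledTask -TaskName $taskName | Get-TaskCredentialMode
$mode | Format-List
if ($mode.LogonType -ne 'S4U') { Write-Warning "$taskName is registered as $($mode.LogonType), not S4U" }

# 2. Start it and show which session the process landed in. A task that runs
#    "whether the user is logged on or not" has no window on your desktop.
$mySession = (Get-Process -Id $PID).SessionId
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 3
Get-Process -Name $exeName -ErrorAction SilentlyContinue |
    Select-Object Id, SessionId, @{ n = 'OnMyDesktop'; e = { $_.SessionId -eq $mySession } }
Get-ScheduledTaskInfo -TaskName $taskName | Select-Object LastRunTime, LastTaskResult
Stop-ScheduledTask -TaskName $taskName

# 3. Audit: every task on this machine that keeps a stored password.
Get-ScheduledTask | Get-TaskCredentialMode |
    Where-Object { $_.LogonType -in 'Password', 'InteractiveOrPassword' } |
    Sort-Object UserId | Format-Table TaskPath, UserId, RunLevel, LogonType -AutoSize
```

Run it from the same elevated session used to register the task; step 3 is the part worth keeping for machine builds, since it lists every task whose credentials are held by the scheduler.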