I’ve run into a very frustrating issue. I’ve written a powershell script to create new Scheduled Tasks. I create these with my admin account but specify a service account to run them. Everything works exactly as I need it to except for one irritating issue. I can’t get it to check the box “Do not store password. The task will only have access to local computer resources”. The "Run whether the user is logged on or not " radio button IS checked.
Any advice or suggestions? I am almost there.
Here is my script. (I’ve substitued Notepad for the actual program… it opens fine. Everything works exactly as intended except for that danged checkbox)
First: if you only need access to local computer resources why not using the SYSTEM account instead.
Second: If I’m not wrong you have to store the password if you want to run the task even if the user is not logged on. And you may even add the right to log on as batch job.
And BTW: When you post code or sample data or console output please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.
Thanks in advance
I should point out that although the settings are all correct, it didn’t launch Notepad for me. It worked only when I changed the option back to ‘Run only when user is logged on’. Not sure if that’s a Notepad problem or a problem with specifying a user account that way. It didn’t work with SYSTEM or LOCALSERVICE either. YMMV.
Thanks @Olaf. I was expecting the Notepad window to pop up. You’re quite right, it’s in a different session so you can’t see the window. The processes were running.
First, the actual process must run under a service account.
Second, yes, that is correct, but not the issue. I just need that checkbox checked. All rights are set correctly.
And I will make use of the preformatted text button in the future, thank you.
That is a brilliant script, (you’ve taught me something) but when I run it I get access denied. The error seems to indicate the service account doesn’t have access to a task folder (I will paste below). I need to be able to create this under my administrator user account but specify the service account. I am running powershell as administrator. And everything works great under my original script except for that checkbox.
Is there a way to run that New-ScheduledTaskPrincipal and still specify the username and password?
Have you elevated your console/ISE/VSCode session (right-click | Run as Administrator)?
You run the script as the user that has local admin permissions (or permissions to register new scheduled tasks), and type the username of the account that will actually run the task at the Read-Host prompt.
Yessir, that’s exactly what I did. ISE, run as admin, under my administrator account, and specified the service account that will actually run the task in the script. Doing that, I get the above ‘access denied’ error. Most likely the service account does not have access to that folder in the message.
I think this might work for me though, as this is part of a process of loading a new machine. As it is, this will at least let me automate creating the actual task; only having to go back and re-enter the credentials on it. So it is a big step forward. I just wish I had a way to do the whole thing in one operation, but that may not be possible with the way our permissions are set up.
I really do appreciate you and Olaf looking at this. Thank you both.
Odd, it works fine for me. Just to check if it’s a problem with the account creating the script, try entering the username as ‘SYSTEM’ or ‘LOCALSERVICE’ for the user that will run the task, they both worked for me.
I did get that error intially but only when I forgot to elevate my session.
SYSTEM and LOCALSERVICE work for me as well. It’s just this service account. It just doesn’t have the folder permissions it needs to create the task. So not a scripting issue but a permissions issue. But… I think this will work for us as is.
Thank you for your help. That logontype parameter is what I think I was missing.