I need to create a group policy that creates a scheduled task on every computer. This scheduled task needs to run a PowerShell script that should kill a process and rename this executable. From what I understand, for a GP scheduled task to work, you have to use the “NT Authority\SYSTEM” account. When the script is run using this account, almost everything works, but it looks like the command Stop-Process can’t be run under the “NT Authority\SYSTEM” context and makes the script hang. Any idea how I can kill the process from a scheduled task which is pushed by GP?
Yeah, I think you’re probably chasing a ghost, here. You’re running up against a core operational and security-related aspect of the operating system, which is going to try very hard to keep you from doing that. Additionally, when a GP script runs, the system isn’t necessarily “running” all the way, which means many processes are still starting up. But what you’re doing is exactly what some kinds of malware try to do, so it’s something Windows kind of doesn’t love.
Normal scheduled tasks can run under whatever account you provide to them, so you might look into creating the task to run under alternate credentials.
If the goal is to keep a given process from running, then PowerShell is not a good tool. I’d look into a Software Restriction Policy (SRP) instead, which is a part of Group Policy, and which is very specifically designed to do this.
Maybe I am approaching this from the wrong angle. I don’t necessarily need to run it during computer login. I simply want to kill an exe file on Friday at 5pm and rename it to make sure no one can run it. When I create a GP scheduled task, unless I use “NT Authority\SYSTEM”, the task doesn’t show up on users’ computers. I would be more than happy to create a task using some account, but how can I do it using group policy? When I create a scheduled task using GP, it doesn’t even ask me for a password.
So you want to kill the process and make sure it -never- runs again?
We are going to have a software upgrade. This upgrade will take a few days on the back end. If users open the client on their computer during this upgrade, it may mess up the upgrade process. We told users that on Friday at 5pm they should be out of the system, but to make sure they do follow directions, I’d like to run a script which will kill the process of this program (if someone didn’t close it) and rename the executable so the shortcut wouldn’t work. On Monday, when the server upgrade is done, we’ll update the clients.
Oh. Yeah, that’s gonna be a little hard.
I’d probably apply a script that just forced a logoff, which will kill the app. A Scheduled Task is kind of a terrible thing to leave lying around. Failing that, I suppose I’d try to create the task in a user GPO, not the computer GPO. It should run under user permissions then, especially if it’s allowed to interact with the desktop. But you’re going to get mixed results either way. This just isn’t something Windows was really designed for.
End of the day, though, this becomes really not a PowerShell question. I mean, scheduled tasks are scheduled tasks regardless of what they’re running. So this might not be the best venue to get the best answer, if you’re open to shopping around someplace like ServerFault.com.
You could run your scheduled task as NT Authority\SYSTEM and use ServiceUI.exe to call your PS script to kill the process.
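
An added example, not code from any poster in this thread: one possible cause of the hang described in the question is that `Stop-Process` asks for confirmation before stopping a process not owned by the current user, and a non-interactive task has nobody to answer; `-Force` suppresses that prompt. The sketch below stops the client, waits for it to exit, renames the executable, and logs each step. The process name, executable path and log path are hypothetical placeholders.

```powershell
# Added example: maintenance-window lockout script for a scheduled task.
# ClientApp, its install path and the log path are hypothetical placeholders.
[CmdletBinding()]
param(
    [string]$ProcessName = 'ClientApp',
    [string]$ExePath     = 'C:\Program Files\ClientApp\ClientApp.exe',
    [string]$LogPath     = 'C:\Windows\Temp\ClientApp-lockout.log'
)

function Write-Log {
    param([string]$Message)
    # Sortable local timestamp plus message, appended so reruns keep history.
    Add-Content -Path $LogPath -Value ('{0:s} {1}' -f (Get-Date), $Message)
}

try {
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($procs.Count -gt 0) {
        # -Force skips the confirmation prompt for processes owned by other users.
        $procs | Stop-Process -Force -ErrorAction Stop
        # Give the processes up to 30 seconds to exit and release the file.
        $procs | Wait-Process -Timeout 30 -ErrorAction SilentlyContinue
        Write-Log "Stopped $($procs.Count) instance(s) of $ProcessName"
    }
    else {
        Write-Log "No running instance of $ProcessName"
    }

    if (Test-Path -LiteralPath $ExePath) {
        # Rename in place so the change is easy to reverse after the upgrade.
        $newName = (Split-Path -Path $ExePath -Leaf) + '.disabled'
        Rename-Item -LiteralPath $ExePath -NewName $newName -ErrorAction Stop
        Write-Log "Renamed $ExePath to $newName"
    }
    else {
        Write-Log "Executable not found (already renamed?): $ExePath"
    }
    exit 0
}
catch {
    # A non-zero exit code shows up as the task's Last Run Result.
    Write-Log "FAILED: $($_.Exception.Message)"
    exit 1
}
```

Starting the task action with `powershell.exe -NoProfile -NonInteractive -File <script path>` makes any remaining prompt fail with an error instead of waiting for input.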