Hello!
I would like to configure a ScheduledTask inside Windows PowerShell 5.1 to run:
Windows Terminal, which runs as NT AUTHORITY\SYSTEM PowerShell 7.4.6, which runs a PowerShell script.
As a first step, I just tried to configure a ScheduledTask to run Windows Terminal as NT AUTHORITY\SYSTEM, running PowerShell 7.4.6. I tried to adapt the procedure already shown in this post:
I expect to see a Windows Terminal window opening in my system while I’m logged in as myuser. However, this doesn’t work. No new window is created and the ScheduledTask produces a non-zero LastTaskResult:
Windows Terminal is a GUI application. Do you really need Windows Terminal or do you just want to leverage Powershell 7.4.6 to execute a script?
Have you tried changing the Execute argument to the path for Powershell v7?
EDIT: I think i’m misunderstanding the goal. Is the goal specifically to have Windows Terminal open, and be running as System? I don’t think Windows will let you do that as the Scheduled Task will try to run in the scope of the “Principal”, and you’re not System.
I mostly see people using psexec in order to get an interactive PS window running as System.
I would like to launch a window where PowerShell 7.4.6 executes a script with high privileges. The window is necessary, because the script may require user interaction. It may not be Windows Terminal, but any equivalent one.
If I put the path for PowerShell 7 in the Execute argument, I guess there is no user interface.
Yes, I would like an interactive PowerShell window where the script is run with high privileges. I don’t know psexec: is there any usage example for this specific case?
This sounds like a terrible idea. Giving user input capabilities to be executed by system? That could easily be abused even if it did work. However, to be able to see an interactive window from a scheduled task action, it would have to run as that specific user. You’d have to elevate to system from within that script. Perhaps it would be a better idea to tell us what you’re trying to accomplish and maybe there are safer/better alternatives than your current plan. If nothing else, have a script run in user context, capture the input you need, examine the input to verify it’s not malicious (or at least the expected type of value), and then have this script run another scheduled task (the one running as system) and that script can grab the input from a file or wherever you stored it.
I understand your point. I’ll try to be more detailed about this specific issue.
The script basically runs Get-WindowsUpdate (part of the PSWindowsUpdatemodule) and, if any update is available, it tries to install it. So, it must have high privileges.
However, sometimes a reboot is required and confirmation from the user is requested: otherwise Get-WindowsUpdate (and the script running it, and the ScheduledTask running the script) get stuck forever with no chance to know why it is stuck and no chance to unlock it.
The regular user myuser, where I would like to have that window in the GUI, is also a system Administrator, so it has at least in principle the permission to perform all these operations.
So, I would like the window to be created at a specific time, and if the script has no requests to the user, it would end by its own; otherwise, I would like to be able to manually interact with the script (as if it was run manually) and the requests it makes, through the window.
If there’s a way to trigger a notification from Get-WindowsUpdate, I can try. Do you know any example about this? I don’t know very well Toast Notifications.
My thought was that at this point in your script, you use a toast notification to notify the user of the reboot. They are very flexible and you can even provide links in the toast to take additional actions. Google powershell toast notifications and you should get plenty of results. I also sent you a message as well.