Scheduled Task Won't Run Under Limited User

[K]

I have a few workgroup machines which I cannot for various reasons join to
the domain.

I have set up 2 scheduled tasks to perform a number of actions at user
logon. These tasks run as administrator and so can perform the relevant
actions.

They show in Scheduled Tasks and run fine when the administrator logs in,
however when a normal user (limited user) logs in, they can neither see the
tasks exist nor do they run.

What do I need to do to get around this problem?

Thank you

 

[Pegasus \(MVP\)]

I have a few workgroup machines which I cannot for various reasons join to
the domain.

I have set up 2 scheduled tasks to perform a number of actions at user
logon. These tasks run as administrator and so can perform the relevant
actions.

They show in Scheduled Tasks and run fine when the administrator logs in,
however when a normal user (limited user) logs in, they can neither see
the tasks exist nor do they run.

What do I need to do to get around this problem?

Thank you

There is a conceptual problem here. If your logon script elevates
the user's privilege to that of an administrator then a computer-savvy
user can tap into this script and do whatever he pleases. You might
as well make him an administrator.

Creating a task under the account of the Administrator won't do
the trick, because this task will only run when the administrator
logs on.

What are the actions that require administrative privileges? Can't
you implement them through Group Policy?

 

[K]

There is a conceptual problem here. If your logon script elevates
the user's privilege to that of an administrator then a computer-savvy
user can tap into this script and do whatever he pleases. You might
as well make him an administrator.

Creating a task under the account of the Administrator won't do
the trick, because this task will only run when the administrator
logs on.

What are the actions that require administrative privileges? Can't
you implement them through Group Policy?

They are workgroup machines so GPO not an option and local policy will be
far too time consuming to implement.

The user logs on as themselves and the scheduled task (which is set to kick
in at user logon) runs using the admin account. The script performs a
number of audit actions and then FTP's the data back to head office. The
actual scripts are secured on the DACL to admin only so the user cannot
tamper with them.

This DOES work on some machines. The scheduled tasks both show up and run
whether user or admin logs in. There are as described though a number of
problematic machines where the scheduled tasks were created under the admin
account and are not visible (therefore do not run) under the user account.

How can I make all tasks visible to all users?

 

[Pegasus \(MVP\)]

They are workgroup machines so GPO not an option and local policy will be
far too time consuming to implement.

The user logs on as themselves and the scheduled task (which is set to
kick in at user logon) runs using the admin account. The script performs
a number of audit actions and then FTP's the data back to head office.
The actual scripts are secured on the DACL to admin only so the user
cannot tamper with them.

This DOES work on some machines. The scheduled tasks both show up and run
whether user or admin logs in. There are as described though a number of
problematic machines where the scheduled tasks were created under the
admin account and are not visible (therefore do not run) under the user
account.

How can I make all tasks visible to all users?

There are two ways to make a task visible:
- Log on under the same account as the one used for the task.
- Log the output of each command processed by the task. If
it is a batch file then you do it like this:
@echo off
echo %date% %time% >> c:\test.txt
c:\SomeFolder\SomeProgram.exe 1>>c:\test.txt 2>>&1

 

[Jim]

On Sun, 12 Oct 2008 03:32:56 +0100, chakbells

completely OT

 

[Andrew]

It might require administrator priveliges