Announcement

Collapse
No announcement yet.

User-created (sch)tasks Invisible When Run

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • User-created (sch)tasks Invisible When Run

    SCENARIO
    On startup several tasks are added to schtasks via a GPO startup script:
    schtasks /create /xml "X:\task 1.xml" /ru "COMPUTER NAME\USER NAME" /rp PASSWORD /tn "Imported Task 1"
    etc.

    Via a batch script in Programs\Startup these tasks are then run:
    schtasks /run /tn "Imported Task 1"
    etc.

    PROBLEM
    Although the programs launched by the tasks all run (as the user), they run invisibly and can not be seen (by the user) in Task Manager unless "Show processes from all users" is clicked.

    OBSERVATIONS
    The tasks were set to "run only when the user is logged on" when they were exported, but after importing they are all set to "run whether the user is logged on or not".
    By ending the processes of the tasks in Task Manager, ending the tasks in Task Scheduler and resetting them to "run only when user is logged on" and then running them, the tasks run visibly as intended.

    QUESTION
    Is there any way to force/import/set tasks to "run only when user is logged on" (from the command line)?

  • #2
    Re: User-created (sch)tasks Invisible When Run

    I managed to resolve the situation. This solution is only for trusted environments.

    EDIT: Rems suggested a better solution in the next post.

    My particular scenario is somewhat complicated. Without going into detail, the computer is locked-down (running Returnil, similar to Steady-State) and the software is virtualized (Symantec Workspace Virtualization). I had the GPO startup script and a non-elevated batch file which is run on startup to play with.

    As the user account has no password it was difficult to import a task with elevated privileges intended to run visibly.

    Via the GPO script a temporary password was created*1, the tasks then imported with an /it switch to run them interactively*2 and the password removed*3. The tasks were then started from the script*4. (The tasks were delayed (with NirSoft's nircmd) so the virtualized layers had time to load.*5 The layers themselves are loaded with delay too, earlier, to give them some time.)

    *1 net user USERNAME PASSWORD
    *2 schtasks /create /xml "X:\Task.xml" /ru USERNAME /rp PASSWORD /tn TASKNAME /it
    *3 net user USERNAME ""
    *4 schtasks /run /tn TASKNAME
    (*5 nircmd cmdwait 6000 exec hide schtasks /run /tn TASKNAME)


    Some issues emerged as a result of the temporary password. An environment variable called SEE_MASK_NOZONECHECKS with a value of 1 was created to prevent Open File - Security Warnings*6 and network passwords were cached to prevent network password dialogs*7. I placed these commands in the non-elevated startup.bat, as they didn't work from the GPO startup script.

    *5 setx SEE_MASK_NOZONECHECKS 1
    *6 cmdkey /add:COMPUTERNAME /user:USERNAME /pass:""
    Last edited by Day Agent; 13th November 2012, 06:43. Reason: More background

    Comment


    • #3
      Re: User-created (sch)tasks Invisible When Run

      Originally posted by Day Agent View Post

      schtasks /create /xml "X:\task 1.xml" /ru "COMPUTER NAME\USER NAME" /rp "PASSWORD" /tn "Imported Task 1"
      and more tasks...

      PROBLEM

      After executing:
      schtasks /run /tn "Imported Task 1"
      ==> the programs launched by the tasks run invisibly and can not be seen (by the user) in Task Manager unless "Show processes from all users" is clicked.

      It turned out that all imported tasks were set to "run whether the user is logged on or not", while before exporting it did was correctly set to "run only when the user is logged on".

      QUESTION
      Is there any way to force/import/set tasks to "run only when user is logged on" (from the command line)?
      Actually what happening is that the command line switches are in fact forcing it to "Run whether the user is logged on or not".
      Notice that when you would open the task schedular interface and import the task there from the same xml file, it will not ask you for a user name and password.

      By using the switches /ru and /rp on the command line, the specific Principals settings in the xml file are being over ruled. Although the LogonType in the xml file probably stated 'InteractiveToken' it will now be forced to 'Password'.

      Try the same command line but without the two switches.

      /Rems
      Last edited by Rems; 12th November 2012, 22:02.

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: User-created (sch)tasks Invisible When Run

        Originally posted by Rems View Post
        Actually what happening is that the command line switches are in fact forcing it to "Run whether the user is logged on or not".
        Notice that when you would open the task schedular interface and import the task there from the same xml file, it will not ask you for a user name and password.

        By using the switches /ru and /rp on the command line, the specific Principals settings in the xml file are being over ruled. Although the LogonType in the xml file probably stated 'InteractiveToken' it will now be forced to 'Password'.

        Try the same command line but without the two switches.

        /Rems
        Much better. Thank you.

        Provided the exported task was created without using a password, schtasks /create /xml FILENAME /tn TASKNAME will not only import the task with highest privileges, but the task can be started from a non-elevated batch file. It also prevents problems with network passwords.

        Unfortunately, the Open File - Security Warnings persist for certain shortcuts. Adding .lnk to the GPO*1 would be a safer solution but, given my particular scenario and the relatively safe environment, setx SEE_MASK_NOZONECHECKS 1 remains the easiest approach.*2

        *1 Google "File Open - Security Warning" GPO for more information.
        *2 See earlier post.
        Last edited by Day Agent; 13th November 2012, 07:14.

        Comment


        • #5
          Re: User-created (sch)tasks Invisible When Run

          Originally posted by Day Agent View Post

          Unfortunately, the Open File - Security Warnings persist for certain shortcuts.
          What details about the file is provided on the dialog box?
          name:
          publisher:
          type: ...
          from: ...
          and is there also a 'check box' on the dialog box?

          Is the location (listed at 'from') computer local or on the network?
          What is the OS on the client and what OS is on the machine the executable file (listed at 'name') is stored.

          /Rems

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: User-created (sch)tasks Invisible When Run

            Rems, thank you for offering to dig further into this issue but I'm quite satisfied with the solution.

            Tip of the hat,

            Day Agent

            Comment

            Working...
            X