4

I need to allow a group of unprivileged users to trigger a predefined scheduled task on a Windows Server 2008 R2 host. I seem unable to find the respective rights to do so. Upon an attempt to connect to the remote Task Scheduler, the remote system just gives me the middle finger: You do not have permission to access this computer

Even when a user is logged on interactively, I cannot figure out how I would grant her the necessary permissions to run a task. In the pre-2008-era, a .job file was created in the %SYSTEMROOT%\SYSTEM32\Tasks folder, where you could manipulate ACLs and influence the task scheduler behavior. In 2008, there seems to be no similar facility.

Note that I do not want to create additional tasks, I just want to run an existing one.

the-wabbit
  • It may just be me, but a scheduled task is almost by definition _not_ run on demand? Second, I would expect that your users can bypass the scheduler and simply run the actual PowerShell, batch job or executable on demand instead? – HBruijn Nov 25 '13 at 11:45
  • @HBruijn at least in Windows, scheduled tasks have the option to be run on demand. It is a privilege issue - users should be able to execute a script remotely, but should not be able to read it or perform any other action on this server. Historically, scheduled tasks have proven to work well under these circumstances, although I admit that it somewhat stretches the concept of **scheduled** tasks. – the-wabbit Nov 25 '13 at 13:53

1 Answer

3

I had a similar issue under Windows Server 2012 R2 and found the following working solution:

  • grant the users write access to the XML files in c:\windows\system32\tasks
  • grant the users permissions for PowerShell Remoting
  • let users use the PowerShell Invoke-Command cmdlet to run SCHTASKS on the remote server:

    powershell.exe -command "invoke-command {schtasks /run /tn TASKNAME} -computer SERVERNAME"

baddy
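
The first step of the answer above grants users write access to task definition files, so it is worth reviewing afterwards who actually holds such rights. The following is an added example, not part of the original answer: a PowerShell 2.0-compatible check that lists every identity outside an assumed baseline with write-type rights on files under the Tasks folder. The function name `Get-TaskFileWriter` and the `$Trusted` baseline are assumptions made for illustration.

```powershell
# Added example: list non-baseline identities holding write-type rights on
# task definition files. Run from an elevated prompt on the server itself.
param(
    [string]$TaskRoot = (Join-Path $env:SystemRoot 'System32\Tasks'),
    # Assumed baseline of identities expected to have write access; adjust locally.
    [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# Rights that permit changing a file, deleting it, or rewriting its ACL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, ChangePermissions, TakeOwnership'
# Unmapped generic rights can also appear in an ACE: GENERIC_ALL, GENERIC_WRITE.
$writeBits = $writeBits -bor 0x10000000 -bor 0x40000000

function Get-TaskFileWriter {
    param([string]$Path, [string[]]$Trusted, [int]$Mask)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries and read/execute-only entries are not of interest here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }

        $id = $ace.IdentityReference.Value
        if ($Trusted -contains $id) { continue }   # -contains is case-insensitive

        # New-Object keeps this usable on PowerShell 2.0 (Server 2008 R2).
        New-Object PSObject -Property @{
            TaskFile  = $Path
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Walk every task file, including those in subfolders.
Get-ChildItem -LiteralPath $TaskRoot -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { Get-TaskFileWriter -Path $_.FullName -Trusted $Trusted -Mask $writeBits } |
    Sort-Object TaskFile, Identity
```

An empty result means only the baseline identities can write to the task files; any row returned names a grant to review against the group that is meant to run the task.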