4

In the Windows 7 task scheduler, I have a task that runs when any user logs on. This task is run as Administrator so it can get the proper priviliges and runs a bat file.

I would like to pass in the username (userid) of the user that logged in, which triggerred the task, to the bat file. I need to run the bat file using the Administrator account which results in the environment variable USERNAME being set to Administrator instead of the username that logged in.

How do you get the userid of the user that logged in causing the task to trigger?

ciso
  • 217
  • 3
  • 14

1 Answers1

7

It's not ideal, but you could have a separate task that just writes the username to a log file at the same time, and correlate the logs later. For that matter, since the task runs at login, this information is already available in the event logs. If you're really desparate to not correlate these later, you could add code (or a step) to the existing task to pull the most recent login event.

Login Event Log

Looking through my own logs a little more closely, I see you want Event ID 4624, but only where the Logon Type is 2 or 7. I saw a number of Logon Type 5 events for system accounts doing various things. There's more info here:

http://www.windowsecurity.com/articles-tutorials/misc_network_security/Logon-Types.html

Joel Coel
  • 12,910
  • 13
  • 61
  • 99
  • 1
    +1 For reading the event log. Certainly there's an easier way to do this, but I'd do it this way for the geek factor alone. – I say Reinstate Monica Nov 21 '14 at 00:28
  • Based on Joel's post, this is the method I'm using for now (using Wevtutil.exe to extract the specific event). I do agree there should be an easier way. If no better way is found in the next few days, I'll mark this as the answer. Thank you Joel. – ciso Nov 21 '14 at 03:08
  • Does your Windows 7 box have powershell enabled? – xXhRQ8sD2L7Z Nov 21 '14 at 04:55
  • Yes it does. I know I can get at the event log that way too. I was really hoping for something simpler since the task scheduler should know what triggerred the task and should have access to the event that triggerred it. – ciso Nov 21 '14 at 05:20