6
2
As per the comments in the accepted answer to this question, I'm having issues running a scheduled task which calls shutdown.exe
, even when the user is an administrator. I'm administrating someone else's machine using their main account, so I can't exactly change too much as they like things the way that they are.
What's really strange is that I can only make the task run if:
- The user is an administrator.
- They have defined a password.
For some strange reason unknown to me, not only does a user have to be an administrator, but they also must have a password on the account in order for the scheduled task to run. Otherwise, I get access denied errors and the task fails to run.
How can I make this work without having to force the user to define a password for their account?
Essentially, the remaining goal is to have the computer shut down (no matter who is or is not logged in) at 11pm every night.
I run into the following errors below when I try to set the task in the Scheduled Tasks
program:
An error has occurred while attempting to set task account information.
The specific error is:
0x8007005: Access is denied.
You do not have permission to perform the requested operation.
For the record, here's my security policy, you can see that my user has the permission to force shutdown and manually shutdown the computer:
Is the scheduled task running on the machine you want to shut down, or remotely? Have you tried using psshutdown instead of shutdown? – Harry Johnston – 2011-09-06T23:04:51.093
Locally, haven't tried psshutdown. – Naftuli Kay – 2011-09-06T23:05:58.957
1Windows requires a password for remote desktop and other network administration operations because it'd just be too big of a security hole to have it any other way. On top of that, many people would first blame Microsoft's poor security rather than their own negligence if they were hacked. – Hand-E-Food – 2011-09-06T23:27:25.200
Hmm. Well, Linux is normally pretty secure, and I can simply
sudo crontab -e
and add0 23 * * * shutdown -P now
. What could possibly be so hard for an administrator account on Windows to shut down the computer at a given time each day? – Naftuli Kay – 2011-09-06T23:29:59.077Unix root has absolute control. Windows Administrators do not; only SYSTEM does. (As you can see in your own screenshot, many privileges are assigned to Administrators just like a normal group, and can be revoked.) In a sense, Windows can be more secure -- most of its insecurity is caused by software bugs and by "first user is an administrator" default settings in XP and older. – user1686 – 2011-09-07T06:58:19.833
1@grawity: I don't think SYSTEM can hold any rights in the network domain. That just reinforces your conclusion: The Windows NT security model is safer (more robust) precisely because it's harder to gain all rights. Unix root is far too convenient, hence sudo – MSalters – 2011-09-08T13:46:44.170
@MSalters: No, it cannot, but a Domain Admin, like Administrator, has sufficient privileges to elevate themselves to SYSTEM when necessary, and domain-wide admin privileges cannot be revoked as easily.
– user1686 – 2011-09-08T18:33:55.120