Note to self: if you want to import a Task Scheduler task that will “run as” a different user you must specify both the “run as” user name and password on the command line. The XML file containing the task already contains the user name but that won’t cause schtasks
to prompt for a password. Here’s an example command line:
1 |
schtasks /create /xml update-hosts.xml /tn "update-hosts" /ru TINTIN\rakhesh /rp Password1 |
If you don’t want to specify the password leave it blank or put an asterisk *
instead. This will cause schtasks
to prompt for a password.
1 |
schtasks /create /xml update-hosts.xml /tn "update-hosts" /ru TINTIN\rakhesh /rp |
There isn’t a way to specify a password in the XML file itself. Here’s the relevant snippet from the XML file above where the “run as” user is specified:
1 2 3 4 5 6 |
<Principal id="Author"> <UserId>TINTIN\rakhesh</UserId> <LogonType>Password</LogonType> <RunLevel>HighestAvailable</RunLevel> </Principal> </Principals> |
If you compare with the GUI, the child element LogonType
corresponds to the “Run only when user is logged on” and “Run whether user is logged on or not” options. It can take one of three values:
- S4U: Which corresponds to “Run whether user is logged on or not” and “Do not store password”. In this case the user account is expected to be a local service account. The account won’t have access to any network resources and its password isn’t stored by the system.
- Password: Which corresponds to “Run whether user is logged on or not”. If this option is checked in the GUI a password is prompted. But if this option is present in the XML file a password is not prompted and must be entered via the
schtasks
command as above. - InteractiveToken: Which corresponds to “Run only when user is logged on”. The task will only run in an interactive session in this case.
In the first two cases the UserId
child element specifies the username under which the task will run. In the second case though the username must be specified again when using the schtasks
command even if you specify it in the UserId
element.
Hope this helps somebody.