A workaround for the fact that a scheduled task in Windows requires a user to be logged in

Question

I am running a small executable created by a third party that needs to run at regular intervals on a Windows 2008 server. This executable effectively ETLs information from one system to another and needs to run every hour or so around the clock. As part of its processing the executable launches a small Windows Forms type UI.

I have set up a scheduled task to call the file and this works ONLY if the user under which the task is configured to run is logged onto the machine (either locally or via Remote Desktop). If I set the task to run as another user, or set the task to run when the user is not logged, on the scheduled task executes and errors. I have tried running as different users including Administrator user and System user. Is there any possible workarounds (without changing the third party code which I have no access to) which would allow this code to be run without a specific user logged in.

That's odd that a system account cannot even execute the jobs. I am using a system account to run multiple scheduled tasks at various intervals without a problem. There should also be an option for "Run only if logged in" that you can enable or diasble. — Robert, Aug 05 '11 at 23:11

score 6 · Accepted Answer · answered Aug 05 '11 at 23:31

6

The GUI app needs a desktop and you only get one of those for a logged in user.

answered Aug 05 '11 at 23:31

David Heffernan

601,492
42
1,072
1,490

Then how is it that some GUI apps like the OSK can run from the login-screen? – Synetech May 10 '17 at 23:50
I don't know much about the login screen. I was contrasting scheduled tasks run as a logged on user on an interactive desktop with those run without a desktop. – David Heffernan May 11 '17 at 05:44

Breeze · Answer 2 · 2015-11-18T13:07:42.853

This article shows how to create a task that does not require any login: https://www.scriptjunkie.us/2013/01/running-code-from-a-non-elevated-account-at-any-time/

The described procedure is as follows:

First, create a scheduled task to run your command with default options as the current user (this will by default create a scheduled task that only runs when you are logged in):

schtasks /create /tn mytask /SC HOURLY /TR "calc"

Then export the task as XML:

schtasks /query /XML /tn mytask > temp.xml

and delete the task:

schtasks /delete /tn mytask /f

Then open the xml file, and replace the line <LogonType>InteractiveToken</LogonType> with <LogonType>S4U</LogonType>

This can be done with the following commands assuming powershell is on the system: powershell -Command "Get-Content '.\temp.xml' | foreach {$_ -replace 'InteractiveToken', 'S4U' }" > new.xml move /y new.xml temp.xml

Now recreate the task from the modified XML file:

schtasks /create /xml temp.xml /tn mytasks

and remove your temp file:

del /f /q temp.xml

The part where you replace InteractiveToken with S4U worked excellent for me. I wonder why this is not an option in the Task Scheduler. (using Windows 10) — User0, Aug 21 '16 at 15:04
@User0 That option is available in the GUI, it's actually hidden behind the checkbox about NOT storing a password because only local resources are accessed. When that is clicked, `S4U` becomes the logon type in the XML file. — Thorsten Schöning, Apr 30 '21 at 14:34

score 2 · Answer 3 · answered Jan 11 '13 at 16:22

I think I have found a solution for this situation. You need to have two user accounts on the server (User1 and User2). RMD into the server under User1. Within this RMD, create your scheduled task, and set it to run under User2 account. Then, from within this RMD, you need to RMD into the server itself using User2 credentials (kind of like Inception's dream within a dream). It's important not to minimize this new RMD window; you can make it small, but it must be open. You are then free to close the original RMD session and the task will run under the User2 account, because User2 has an open desktop from your 2nd RMD session.

Protip - don't unpin the RMD window handles at the top of the RMD window - it can be a pain to close the correct RMD then. If you do, you'll need to use the Start > Log Out option all the way out of your RMDs.

score 2 · Answer 4 · answered Dec 03 '15 at 07:06

2

I might be late in replying, but can't we use at command, without /interactive...

https://support.microsoft.com/en-us/kb/313565

As per microsoft: /interactive: Use this parameter to allow the task to interact with the desktop of the user who is logged on at the time the task runs.

answered Dec 03 '15 at 07:06

MansoorAliA

29
1

this presumes to run on whoever is logged in at the time. that's the antithesis of a server's job. nobody is supposed to be logged in most of the time. A good idea, but I think it's a miss for the task at hand – Ken Forslund May 25 '21 at 16:19

SystemAdmin · Answer 5 · 2017-09-19T13:36:56.657

2

There is a simple solution. Change group to local group "users" and you will not be prompted for a password. (Scheduled Task - General - Security Options - Change User or Group).

edited Sep 19 '17 at 13:36

answered Sep 19 '17 at 13:30

SystemAdmin

21
4

score 2 · Answer 6 · edited May 23 '17 at 12:17

2

It would seem that from the research I have done (and David Heffernan's answer), without affecting the source code, this is not possible.

There are some useful thoughts on How can I run a Windows GUI application on as a service? which relate to this but none give a viable workaround to this problem.

edited May 23 '17 at 12:17

Community

1
1

answered Aug 08 '11 at 12:34

AlexC

10,676
4
37
55

score 0 · Answer 7 · edited Feb 23 '19 at 06:10

0

This looks to be an old thread, but I recently ran in to this in my organization due to UAC requirements they were not using. I am still testing this, but I believe you can still enable interactive mode on a scheduled task by using the /Change command on the task and adding the /IT flag to make it interactive. Referenced here: https://learn.microsoft.com/en-us/windows/desktop/taskschd/schtasks

schtasks /Change /tn "Task A" /IT /RP "password of user if used"

My initial tests show this to be working, however I cannot noticeably see a difference to the task in task scheduler when I do this. So, I am not sure of how to verify if it is set to do this.

edited Feb 23 '19 at 06:10

Burgan

880
1
7
24

answered Feb 22 '19 at 20:15

Martin Becker

1

One can see the difference using e.g. Sysinternal's Process Explorer: Just open the properties of the process of interest, tab `Security` and check for a group named something like `NT-AUTHORITY\INTERACTIVE`. This group should only be present after successful interactive logon with some process. – Thorsten Schöning Apr 30 '21 at 14:30
I'm somewhat sure that `\IT` doesn't work like you expect: `The task runs only if the user is logged on.` that's exactly what was NOT wanted here. – Thorsten Schöning Apr 30 '21 at 14:31

score 0 · Answer 8 · answered May 02 '22 at 16:54

I had a similar issue. My VB app would not run properly on my server unless I had "Run only when user is logged on" enabled. I forget where I found this info, but doing it allowed my VB app to run perfectly with a set user, without needing to be logged in. It allows it to interact with the Desktop.

On a Windows 2008 (or greater) server, you need to do the following:

For x64, just create this folder: C:\Windows\SysWOW64\config\systemprofile\Desktop

For x86, just create this folder: C:\Windows\System32\config\systemprofile\Desktop

A workaround for the fact that a scheduled task in Windows requires a user to be logged in

8 Answers8

Linked