We had a non-admin user that needed to open the Task Scheduler and manage some tasks. The problem is that when that user opened the Task Scheduler, it was empty, but accessing as administrator we could see the tasks were there. We didn’t want to change the user to be an admin since that was the only thing the user needed access to, so we need a workaround.
What I found on my searches
I’ve googled and found some suggestions that didn’t work for me:
-
Adding permission to the user in the folder
C:\Windows\System32\Tasks. -
Change the Local Policy to allow "Log on as a batch job".
Half way through
Funny thing, accessing the scheduler using the command schtasks, shows the tasks there.
Unfortunately, for me, the user accessing that server was not a technical user, so typing commands was not the best option.
A light shines
But them I thought: "If when accessing as admin I can see the tasks, maybe I can run the scheduler as admin and save that configuration including the credentials". Obviously, Windows has no such feature built-in, but using some PowerShell commands I can:
- Save my credentials into a file
- Load it later
- Execute something using that credential.
Now, let’s say the user is called Bob. Let’s create some files somewhere Bob can access but not so visible (we want to hide the ugliness of our solution). Bob’s AppData folder sounds like a good place to put our files, so we will create a folder called Scheduler inside it. The folder’s path will be: C:\Users\Bob\AppData\Roaming\Scheduler. If you’re logged as Bob, simply opening the Run command window (Win Key+R) and typing %AppData% will open up that path. You then just need to create the new Scheduler folder.
First, we save our credential by opening a PowerShell and typing:
$credential | Export-CliXml "C:\Users\Bob\AppData\Roaming\Scheduler\credential.xml"
After our credential is saved, we create a PowerShell script to load the Task Scheduler using that credential. Here is the file’s content:
$credential = Import-Clixml .\credential.xml
Start-Process "C:\Windows\System32\cmd.exe" -workingdirectory $(pwd) -Credential $credential -ArgumentList "/c %windir%\system32\taskschd.msc /s"
We will save that file as: C:\Users\Bob\AppData\Roaming\Scheduler\impersonate.ps1
Then, create a link onto Bob’s desktop folder with the following configuration:
- Target:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Users\Bob\AppData\Roaming\Scheduler\impersonate.ps1" - Start in:
C:\Users\Bob\AppData\Roaming\Scheduler
You can even change the icon so it looks like the real Task Scheduler. You can find the icon in this file: %windir%\system32\miguiresource.dll
Do you have a different way of working around this bug? If you do, please share in the comments bellow.
Development Stuffs 