Jump to content

Finding a list of scheduled tasks that run ONLOGON


 Share

Recommended Posts

 

Turns out the schtasks command doesn't seem to have a query that returns the ONLOGON tasks so I'm looking for another way to do so.

I then noticed the files inside the C:\Windows\System32\Tasks folder are XML files which tell you the state of the triggers in a particular node.

Now I need a way to parse those system files.  Parsing isn't the problem but being that they have a System attribute stumps me.

I don't want to change their attributes because if the app ever crashes then they'll be left without system attribute set.  First option is if can read them directly. 2nd option I looked at the RunAs command to copy the files to a temp location to read but I didn't see an option to RunAs with system credentials.

RunAs("myUser",@ComputerName,"myPass", $RUN_LOGON_INHERIT , "cmd /k copy C:\Windows\System32\Tasks\*. C:\Temp\Tasks")

All I need to know is which services are triggered ONLOGON so if there is a less intrusive way to do this I'm all ears.

Thanks!

Edited by NassauSky
Link to comment
Share on other sites

37 minutes ago, NassauSky said:

Parsing isn't the problem but being that they have a System attribute stumps me.

Curious by your post I went there. Read each file with notepad running as administrator. I guess all you need is #RequireAdmin

Follow the link to my code contribution ( and other things too ).
FAQ - Please Read Before Posting.
autoit_scripter_blue_userbar.png

Link to comment
Share on other sites

#RequireAdmin
#include <Array.au3>

$aLogonTasks = GetLogonTasks()
_ArrayDisplay($aLogonTasks)

Func GetLogonTasks($sFolder = '\')
    Local $sResult
    Local $oScheduleService = ObjCreate('Schedule.Service')
    $oScheduleService.Connect()
    $oRoot = $oScheduleService.GetFolder($sFolder)
    $oCollection = $oRoot.GetTasks(0)
    For $oTask In $oCollection
        If StringInStr($oTask.XML, 'LogonTrigger') Then $sResult &= $oTask.Name & Chr(1)
    Next
    Return StringSplit(StringTrimRight($sResult, 1), Chr(1))
EndFunc

Or something like this.

Edited by Andreik
Link to comment
Share on other sites

2 hours ago, NassauSky said:

without using RequireAdmin which raises a UAC dialog which hampers the whole project I'm working with. 

If you are just making a query with Andreik's code, the admin level was not required in my testing. :)

Follow the link to my code contribution ( and other things too ).
FAQ - Please Read Before Posting.
autoit_scripter_blue_userbar.png

Link to comment
Share on other sites

Without #RequireAdmin it won't return all tasks. Basically it won't return tasks that have checked the option "Run with the highest privileges".

 

Quote

there has to be a way though without using RequireAdmin

I highly doubt about that. It would be a total non-sense for windows to let you access Tasks directory from System32 or TaskCache from registry without admin privileges.

Edited by Andreik
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...