NassauSky, posted September 4, 2023 (edited)

Turns out the schtasks command doesn't seem to have a query that returns the ONLOGON tasks, so I'm looking for another way to do so. I then noticed the files inside the C:\Windows\System32\Tasks folder are XML files which tell you the state of the triggers in a particular node.

Now I need a way to parse those system files. Parsing isn't the problem, but the fact that they have a System attribute stumps me. I don't want to change their attributes, because if the app ever crashes then they'll be left without the System attribute set.

First option is if I can read them directly.

2nd option: I looked at the RunAs command to copy the files to a temp location to read, but I didn't see an option to RunAs with system credentials.

```autoit
RunAs("myUser", @ComputerName, "myPass", $RUN_LOGON_INHERIT, "cmd /k copy C:\Windows\System32\Tasks\*. C:\Temp\Tasks")
```

All I need to know is which services are triggered ONLOGON, so if there is a less intrusive way to do this I'm all ears.

Thanks!

Edited September 4, 2023 by NassauSky

argumentum, posted September 4, 2023

37 minutes ago, NassauSky said:
> Parsing isn't the problem but being that they have a System attribute stumps me.

Curious by your post I went there. Read each file with notepad running as administrator. I guess all you need is #RequireAdmin

Andreik, posted September 5, 2023 (edited)

```autoit
#RequireAdmin
#include <Array.au3>

Local $aLogonTasks = GetLogonTasks()
_ArrayDisplay($aLogonTasks)

; Returns the names of the tasks in $sFolder whose XML definition mentions a
; LogonTrigger. Element [0] of the returned array holds the count (StringSplit).
Func GetLogonTasks($sFolder = '\')
    Local $sResult = ''
    Local $oScheduleService = ObjCreate('Schedule.Service')
    $oScheduleService.Connect()
    Local $oRoot = $oScheduleService.GetFolder($sFolder)
    ; GetTasks(0) lists this folder only (no subfolders) and skips hidden tasks.
    Local $oCollection = $oRoot.GetTasks(0)
    For $oTask In $oCollection
        If StringInStr($oTask.XML, 'LogonTrigger') Then $sResult &= $oTask.Name & Chr(1)
    Next
    Return StringSplit(StringTrimRight($sResult, 1), Chr(1))
EndFunc
```

Or something like this.

Edited September 5, 2023 by Andreik

NassauSky, posted September 5, 2023

@argumentum and @Andreik, I apologize for not mentioning that option, and thanks. There has to be a way, though, without using RequireAdmin, which raises a UAC dialog that hampers the whole project I'm working with.

argumentum, posted September 5, 2023

2 hours ago, NassauSky said:
> without using RequireAdmin which raises a UAC dialog which hampers the whole project I'm working with.

If you are just making a query with Andreik's code, the admin level was not required in my testing.

Andreik, posted September 5, 2023 (edited)

Without #RequireAdmin it won't return all tasks. Basically, it won't return tasks that have the option "Run with the highest privileges" checked.

Quote:
> there has to be a way though without using RequireAdmin

I highly doubt that. It would be total nonsense for Windows to let you access the Tasks directory from System32 or TaskCache from the registry without admin privileges.

Edited September 5, 2023 by Andreik
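
An added example, not code from any poster in this thread: it takes the Schedule.Service approach discussed above further by walking every subfolder, including hidden tasks, and parsing each task's XML for a real `<LogonTrigger>` element instead of matching a substring, and it reports the run level that the last post ties to elevation. The function names are hypothetical; it omits #RequireAdmin, so it lists only the tasks the current user is allowed to see.

```autoit
#include <Array.au3>

; Added example. Constants are from the Task Scheduler 2.0 API and the task XML schema.
Global Const $TASK_ENUM_HIDDEN = 1 ; GetTasks flag: include hidden tasks
Global Const $TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"

Global $g_sRows = ""
Global $g_oService = ObjCreate("Schedule.Service")
$g_oService.Connect()
_CollectLogonTasks($g_oService.GetFolder("\"), $g_sRows)
Global $g_aRows = StringSplit(StringTrimRight($g_sRows, 1), Chr(1), 2) ; 2 = no count element
_ArrayDisplay($g_aRows, "Logon tasks: path | trigger enabled | user | run level")

; Walk $oFolder and every subfolder, appending one row per task that has a logon trigger.
Func _CollectLogonTasks($oFolder, ByRef $sRows)
    Local $sInfo
    For $oTask In $oFolder.GetTasks($TASK_ENUM_HIDDEN)
        $sInfo = _LogonTriggerInfo($oTask.Xml)
        If $sInfo <> "" Then $sRows &= $oTask.Path & " | " & $sInfo & Chr(1)
    Next
    For $oSub In $oFolder.GetFolders(0) ; flags argument is reserved and must be 0
        _CollectLogonTasks($oSub, $sRows)
    Next
EndFunc

; Parse one task definition; return "" unless <Triggers> contains a <LogonTrigger>.
; Only the first logon trigger of a task is reported.
Func _LogonTriggerInfo($sXml)
    Local $oDoc = ObjCreate("Msxml2.DOMDocument.6.0")
    $oDoc.async = False
    $oDoc.setProperty("SelectionNamespaces", "xmlns:t='" & $TASK_NS & "'")
    If Not $oDoc.loadXML($sXml) Then Return ""
    Local $oTrigger = $oDoc.selectSingleNode("/t:Task/t:Triggers/t:LogonTrigger")
    If Not IsObj($oTrigger) Then Return ""
    ; Omitted elements take the schema defaults passed as the third argument.
    Return _NodeText($oTrigger, "t:Enabled", "true") & " | " & _
            _NodeText($oTrigger, "t:UserId", "(any user)") & " | " & _
            _NodeText($oDoc, "/t:Task/t:Principals/t:Principal/t:RunLevel", "LeastPrivilege")
EndFunc

; Text of the first node matching $sXPath below $oNode, or $sDefault when absent.
Func _NodeText($oNode, $sXPath, $sDefault)
    Local $oHit = $oNode.selectSingleNode($sXPath)
    Return IsObj($oHit) ? $oHit.text : $sDefault
EndFunc
```

Rows whose last column reads HighestAvailable are the "Run with the highest privileges" tasks mentioned in the last post.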