+ Post New Thread
Results 1 to 12 of 12
Windows Thread, Run Scheduled Task as a student user in Technical; Hi all, ive created a scheduled task which runs a bat file that connects to a network share and robocopies ...
  1. #1

    Join Date
    Mar 2010
    Posts
    34
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Run Scheduled Task as a student user

    Hi all,


    ive created a scheduled task which runs a bat file that connects to a network share and robocopies the differences to a folder on the c:

    i want the scheduled task to be able to run under a student account. iv set the RUN AS section of the task to NT AUTHORITY\SYSTEM hoping this would work but it does not.

    the error the users get when running the task (via a shortcut using schtasks.exe) is

    ERROR: Access is denied.

    and in the scheduled task log it says "Result: The task completed with an exit code of (0)."



    any ideas on how i can accomplish this????



    thanks,


    ITHelp

  2. #2

    Join Date
    May 2008
    Posts
    60
    Thank Post
    1
    Thanked 7 Times in 7 Posts
    Rep Power
    22
    you could try running the process with elevated permissions using the runas command - The command line switches are (pulled from Microsoft)

    Runas

    Allows a user to run specific tools and programs with different permissions than the user's current logon provides.

    Syntax
    runas [{/profile|/noprofile}] [/env] [/netonly] [/smartcard] [/showtrustlevels] [/trustlevel] /user:UserAccountName program

    Top of page
    Parameters
    /profile : Loads the user's profile. /profile is the default.

    /no profile : Specifies that the user's profile is not to be loaded. This allows the application to load more quickly, but it can also cause a malfunction in some applications.

    /env : Specifies that the current network environment be used instead of the user's local environment.

    /netonly : Indicates that the user information specified is for remote access only.

    /smartcard : Indicates whether the credentials are to be supplied from a smartcard.

    /showtrustlevels : Lists the /trustlevel options.

    /trustlevel : Specifies the level of authorization at which the application is to run. Use /showtrustlevels to see the trust levels available.

    /user:UserAccountName : Specifies the name of the user account under which to run the program. The user account format should be user@domain or Domain\User.

    program : Specifies the program or

  3. #3

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    I don't think runas will help - it's going to prompt for a username and password.

    You need to get the student to sit with you. You log on as admin and create the task. They then enter their username and password in the credentials section. I think you'll get a popup saying "user xxx has been assigned the logon as a batch job right" but it should then work.

  4. #4
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,486
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    50
    Could you add the script to your login scripts? that way it will be run as higher privileges so it can happen but the student can't play with it?

  5. #5

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    Quote Originally Posted by p858snake View Post
    Could you add the script to your login scripts? that way it will be run as higher privileges so it can happen but the student can't play with it?
    Logon script runs as the user logging on - it has exactly the same privileges.
    Machine startup script runs as the local system account - it has high privileges on the local machine (effectively local administrator) but doesn't have any network access (so can't connect to a network share unless you give "domain computers" access to the resource)

  6. #6

    Join Date
    Mar 2010
    Posts
    34
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    what we are attempting to do is:

    the student uses a shared desktop and start menu which are local on the c:, simply to cut down on network traffic. these are updated via mirroring the same shares on the server (done by robocopy mirroring). but if we update during the lesson we want a way to update it under a pupils account.


    thanks,


    IThelp

  7. #7

    Join Date
    May 2008
    Posts
    60
    Thank Post
    1
    Thanked 7 Times in 7 Posts
    Rep Power
    22
    I think there is a flaw in your logic somewhere .. surely copying the desktop and start program shortcuts down to each machine will actually increase your network bandwidth?

    Where are you copying this to? If you have a dedicated directory structure (not in the users local profile), then you could use a GPO to set the local directory ACL's and then ther won't be a problem with copying. The downside would of course be that the users would have r/w access, but if its cleared and re-copied each time the process runs - I doubt if it would be a problem.

    But, I would still suggest that you put the desktop and start menu on a server, I can't see it having that a big of a system load.

  8. #8

    Join Date
    Mar 2010
    Posts
    34
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    it works fine for us.

    any ideas about getting a scheduled task to run as a student?

  9. #9

    Join Date
    May 2008
    Posts
    60
    Thank Post
    1
    Thanked 7 Times in 7 Posts
    Rep Power
    22
    It appears that SCHTASKS can probably do it as it allows a username and password to be provided. Also - /s switch sort of indicates that you could control this from the server itself




    SCHTASKS /Create /?

    SCHTASKS /Create [/S system [/U username [/P password]]]
    [/RU username [/RP password]] /SC schedule [/MO modifier] [/D day]
    [/I idletime] /TN taskname /TR taskrun [/ST starttime] [/M months]
    [/SD startdate] [/ED enddate]

    Description:
    Enables an administrator to create scheduled tasks on a local or
    remote systems.

    Parameter List:
    /S system Specifies the remote system to
    connect to. If omitted the system
    parameter defaults to the local
    system.

    /U username Specifies the user context under
    which the command should execute.

    /P password Specifies the password for the given
    user context.

    /RU username Specifies the user account (user
    context) under which the task runs.
    For the system account, valid values
    are "", "NT AUTHORITY\SYSTEM" or
    "SYSTEM".

    /RP password Specifies the password for the user.
    To prompt for the password, the value
    must be either "*" or none.
    Password will not effect for the
    system account.

    /SC schedule Specifies the schedule frequency.
    Valid schedule types: MINUTE, HOURLY,
    DAILY, WEEKLY, MONTHLY, ONCE,
    ONSTART, ONLOGON, ONIDLE.

    /MO modifier Refines the schedule type to allow
    finer control over schedule
    recurrence. Valid values are listed
    in the "Modifiers" section below.

    /D days Specifies the day of the week to run
    the task. Valid values: MON, TUE,
    WED, THU, FRI, SAT, SUN and for
    MONTHLY schedules 1 - 31 (days of the
    month).

    /M months Specifies month(s) of the year.
    Defaults to the first day of the
    month. Valid values: JAN, FEB, MAR,
    APR, MAY, JUN, JUL, AUG, SEP, OCT,
    NOV, DEC.

    /I idletime Specifies the amount of idle time to
    wait before running a scheduled
    ONIDLE task.
    Valid range: 1 - 999 minutes.

    /TN taskname Specifies a name which uniquely
    identifies this scheduled task.

    /TR taskrun Specifies the path and file name of
    the program to be run by this
    scheduled task.
    Example: C:\windows\system32\calc.exe

    /ST starttime Specifies the time to run the task.
    The time format is HH:MM:SS (24 hour
    time) for example, 14:30:00 for
    2:30 PM.

    /SD startdate Specifies the first date on which the
    task runs. The format is
    "mm/dd/yyyy".

    /ED enddate Specifies the last date when the task
    should run. The format is
    "mm/dd/yyyy".

    /? Displays this help/usage.

    Modifiers: Valid values for the /MO switch per schedule type:
    MINUTE: 1 - 1439 minutes.
    HOURLY: 1 - 23 hours.
    DAILY: 1 - 365 days.
    WEEKLY: weeks 1 - 52.
    ONCE: No modifiers.
    ONSTART: No modifiers.
    ONLOGON: No modifiers.
    ONIDLE: No modifiers.
    MONTHLY: 1 - 12, or
    FIRST, SECOND, THIRD, FOURTH, LAST, LASTDAY.

    Examples:
    SCHTASKS /Create /S system /U user /P password /RU runasuser
    /RP runaspassword /SC HOURLY /TN rtest1 /TR notepad
    SCHTASKS /Create /S system /U domain\user /P password /SC MINUTE
    /MO 5 /TN rtest2 /TR calc.exe /ST 12:00:00
    /SD 10/20/2001 /ED 10/20/2001 /RU runasuser /RP
    SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN game
    /TR c:\windows\system32\freecell
    SCHTASKS /Create /S system /U user /P password /RU runasuser
    /RP runaspassword /SC WEEKLY /TN test1 /TR notepad.exe
    SCHTASKS /Create /S system /U domain\user /P password /SC MINUTE
    /MO 5 /TN test2 /TR c:\windows\system32\notepad.exe
    /ST 18:30:00 /RU runasuser /RP *
    SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN cell
    /TR c:\windows\system32\freecell /RU runasuser

  10. #10
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,386
    Thank Post
    10
    Thanked 483 Times in 423 Posts
    Rep Power
    110
    You could have a look at the per user options for scheduled tasks in group policy preferences. Although if you are using Vista, the v2 ones are currently broken.

  11. #11
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,254
    Thank Post
    75
    Thanked 45 Times in 31 Posts
    Rep Power
    30
    We use a shared desktop and start menu too but it's redirected via GPO to a folder under NETLOGON - as long as you keep the folders to just shortcuts the size is minimal....




    Quote Originally Posted by ithelp View Post
    what we are attempting to do is:

    the student uses a shared desktop and start menu which are local on the c:, simply to cut down on network traffic. these are updated via mirroring the same shares on the server (done by robocopy mirroring). but if we update during the lesson we want a way to update it under a pupils account.


    thanks,


    IThelp

  12. #12
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,346
    Thank Post
    66
    Thanked 174 Times in 146 Posts
    Rep Power
    59
    I know this thread is ancient, but I am doing something similar and it has to do with the NTFS permissions of the task file itself.

    find the task you want to run usually in c:\windows\system32\tasks

    right click and change NTFS permissions of the user or group to Read and Execute

    The user should then be able to use schtasks /run /tn "NameOfTask"

SHARE:
+ Post New Thread

Similar Threads

  1. [PHP] Scheduled Task
    By T_Noble in forum Web Development
    Replies: 7
    Last Post: 19th January 2010, 02:27 PM
  2. Scheduled Task Query
    By Semple1 in forum EduGeek Shutdownertron
    Replies: 1
    Last Post: 24th November 2009, 09:36 PM
  3. Disobedient NTBackup will not run Scheduled Task
    By Batman in forum Windows Server 2000/2003
    Replies: 12
    Last Post: 23rd October 2009, 06:43 PM
  4. Script to create a scheduled task
    By FN-GM in forum Scripts
    Replies: 3
    Last Post: 2nd May 2009, 07:17 PM
  5. Deploy a scheduled task!
    By Ste_Harve in forum How do you do....it?
    Replies: 2
    Last Post: 14th September 2007, 02:04 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •