Scheduled Tasks creation

[TechMedx 1]

This might be over and above ERA's main function, but figured I would ask the community at large. I am trying the scheduled I task to wake the machine up at 2AM and check-in with the ERA server. I tried using;

schtasks.exe /create /tn taskname /xml c:\TechMedX\taskname.xml /f

When that command is executed on the computer (from elevated cmd) it imports all the setting in taskname.xml into a new task and schedules it, however when I deploy it via ERA i does nothing.

I have also created a taskname.cmd file in placed it locally on the computer, with that single command in the file. When I run tskname.cmd with admin rights on the local machine the task is scheduled, when I tell ERA to execute taskname.cmd it does nothing. 

 

Any thoughts as to why this command won't work with ERA? Obviously I am looking to script this for deployment to over 300+ machines and not schedule each tasks locally. Thanks for any and all input!

[TechMedx 1]

So this seems to be a permissions issue. I edited the file "taskname.cmd" to add a line that runs ipconfig.exe and outputs to a .txt file just before running the schtaks.exe command which also outputs to a txt file. Ipconfig.exe runs and outputs correctly, but I get no result on the other command. I can replicate this by executing the file in a NON-elevated command window. If executed from an elevated command window it works and both .txt file have output. 

So my question, shouldn't all jobs executed by the agent using "Run Command" run with admin privileges? If not how do you give it admin rights?

Any help is appreciated.

[MartinK 378]

18 hours ago, TechMedx said:

So my question, shouldn't all jobs executed by the agent using "Run Command" run with admin privileges? If not how do you give it admin rights?

Run command task are executed under AGENT's context. By default, AGENT is running as "Local System" account, which may be cause of this. It is possible to test it locally by impersonating to this account (see for example this article how to do that). Also it is possible to change account under which is AGENT running, but it would require manual reconfiguration of service.

[TechMedx 1]

Thank you for the response that makes much more since now.  I used the program you posted or testing (big help). I have downloaded a couple programs to try to "runas" another user, but it looks like they are all limited to the restrictions of the "System" account. (I used NIRCMD and CPAU, both great but failed under "system" testing)

Do you have a link to how to change the account the agent is running under?

Would there be any way to script that during the installation.reinstall process?

[MartinK 378]

Account under which is service running can be changes in standard windows "Services" configuration (i.e. run services.msc). Be aware that it is not recommended, as it may have impact on AGENT functionality.

[TechMedx 1]

Thanks I tried but access denied, both service.msc and sc config. No worries I understand the limitation and can live without. Thanks for the help. I know it's off topicish.