Powershell script does not run via Scheduled Tasks
Asked Answered
S

21

40

I have a small script on my Domain Controller that is setup to email me via SMTP about the latest Security Event 4740.

The script, when executed manually, will run as intended; however, when setup to run via Scheduled Tasks, and although it shows to have been executed, nothing happens (no email).

The script is as follows:

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))

{   
$arguments = "& '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}

$Event = Get-EventLog -LogName Security -InstanceId 4740 -Newest 5
$MailBody= $Event.Message + "`r`n`t" + $Event.TimeGenerated

$MailSubject= "Security Event 4740 - Detected"
$SmtpClient = New-Object system.net.mail.smtpClient
$SmtpClient.host = "smtp.domain.com"
$MailMessage = New-Object system.net.mail.mailmessage
$MailMessage.from = "[email protected]"
$MailMessage.To.add("toemail.domain.com")
$MailMessage.IsBodyHtml = 1
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody
$SmtpClient.Send($MailMessage)

Scheduled Task is setup as follows:

RunsAs:LOCAL SYSTEM

Trigger: On event - Log: Security, Event ID: 4740

Action:  Start Program - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

  Argument:  -executionpolicy bypass c:\path\event4740.ps1

I have also tried the following:

Trigger: On event - Log: Security, Event ID: 4740

Action:  Start Program - C:\path\event4740.ps1

According to the Tasks History: Task Started, Action Started, Created Task Process, Action Completed, Task Completed. I have looked through some various links on the site with the same 'issue' but they all seem to have some sort of variable that I do not have. I have also tried some of the mentioned solutions thinking they may be somewhat related, but alas nothing is working. I have even tried removing my Scheduled Task and resetting it as mentioned here: http://blogs.technet.com/b/heyscriptingguy/archive/2012/08/11/weekend-scripter-use-the-windows-task-scheduler-to-run-a-windows-powershell-script.aspx

Has anyone run into this type of error before or know how to bypass this issue?

Troubleshooting:

I decided to try an call a .bat file via a scheduled task. I created a simple file that would echo the current date/time to a monitored folder. Running the file manually and via a task triggered by the 4740 Event achieved desired results. Changing the .bat file to instead call the .ps1 file worked manually. When triggered by the 4740 Event, now the .bat will no longer run.

Skill answered 15/8, 2013 at 19:11 Comment(3)
Thanks for the heads up @Amit, even though the question was solved without criticism or relevance of a typographical error.Skill
I understand. I mention that here only because I intend to use this question as an illustration/reference in the future when I will be inevitably explaining to someone that 1 Picture > 1 Kiloword. There are many other options in the Task Scheduler other than the runas account that can cause such problems, that you didn't list. The typo is absolutely relevant, because localsystem and localservice are polar opposites in terms of rights. Also, your workaround, a permanent locked session on a domain server, certainly sounds like the wrong and unsafe way to solve this problem.Marceline
I was able to get the script to run in task manager with the same issues by fully qualifying the powershell.exe. "C:\...\...\powershell.exe" as the program/script.Clapper
G
48

Change your Action to:

powershell -noprofile -executionpolicy bypass -file C:\path\event4740.ps1

On a Windows 2008 server R2: In Task Scheduler under the General Tab - Make sure the 'Run As' user is set to an account with the right permissions it takes to execute the script.

Also, I believe you have the "Run only when user is logged on" Option checked off. Change that to "Run whether user is logged on or not". Leave the Do Not Store password option unchecked, and you'll probably need the "Run with Highest Privileges" option marked.

Gentlemanly answered 15/8, 2013 at 20:29 Comment(5)
Hey Cole, thanks for the response. I have tried your suggestion; however, I am running into the same scenario. I can invoke a 4740 Event, the Task Scheduler shows that it acknowledges the Event and starts the process but yet again nothing is happening. I have tried the -noexit switch before as well but doesn't seem to help any when the Powershell never opens.Skill
Next thing I would try changing is RunAs local system. What happens when you enter an actual admin account to runas, one that has privileges on both the sending pc and the smtp server?Gentlemanly
Sorry, it is actually LOCAL SERVICE. Due to the security restrictions and Group Policies currently in place, no users have 'Log on as batch job' rights. If you think this may be the issue, I can inject an account and try again.Skill
I can't promise it will fix your problem but it's worth a shot. The task should be RunAs SYSTEM or under an admin accountGentlemanly
Injected my user account (admin) and gave it a shot. This time, the Task hung on the 'Created Task Process' and had to manually be stopped.Skill
F
10

NOTE: Please ensure that you select Create a Basic task Action and NOT the Create Task Action.

I found the following solution:

1) Make powershell.exe run as administrator for this

  1. right-click on the powershell.exe icon
  2. click on properties under the shortcut key menu
  3. click on the advance button; check that "run as administrator" is checked.

2) in the task scheduler window under the action pane add the following script as a new command

%SystemRoot%\syswow64\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy Bypass -noexit -File "C:\ps1\BackUp.ps1"

enter image description here

Fayalite answered 8/6, 2016 at 10:9 Comment(1)
This Worked for me, it was the quotes around the ile name, which is ridicuous... Program script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Arguments: --noprofile -executionpolicy unrestricted -noninteractive -file "path\to\my\powershellscriptps1" and Start In c:\MyPath\to\pwoershel\lscriptOrcutt
I
8

Although you may have already found a resolution to your issue, I'm still going to post this note to benefit someone else. I ran into a similar issue. I basically used a different domain account to test and compare. The task ran just fine with "Run whether user is logged on or not" checked.

A couple of things to keep in mind and make sure of:

  1. The account being use to execute task must have "Logon as batch job" rights under the local security policy of the server (or be member of local Admin group). You must specified the account you need to run scripts/bat files.
  2. Make sure you are entering the correct password characters
  3. Tasks in 2008 R2 don't run interactively specially if you run them as "Run whether user is logged on or not". This will likely fail specially if on the script you are looking for any objects\resource specific to a user-profile when the task was created as the powershell session will need that info to start, otherwise it will start and immediately end. As an example for defining $Path when running script as "Run whether user is logged on or not" and I specify a mapped drive. It would look for that drive when the task kicks off, but since the user account validated to run task is not logged in and on the script you are referring back to a source\object that it needs to work against it is not present task will just terminate. mapped drive (\server\share) x:\ vs. Actual UNC path \server\share
  4. Review your steps, script, arguments. Sometimes the smallest piece can make a big difference even if you have done this process many times. I have missed several times a character when entering the password or a semi-colon sometimes when building script or task.

Check this link and hopefully you or someone else can benefit from this info: https://technet.microsoft.com/en-us/library/cc722152.aspx

Implore answered 6/4, 2015 at 19:42 Comment(2)
This was the issue for my case while acessing TFS API through the client DLLs. Oddly enough it was only pertaining to Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore go figure. Many thanks!Nehemiah
This answer brought a successful end to an all day debugging session. Making sure my task only ran while the user was logged in was the answer for my script; otherwise my script was running "successfully," and with no errors, but nonetheless failing to do the job. Thank you!Caffrey
J
3

If you don't have any error messages and don't know what the problem is - why PowerShell scripts don't want to start from a Scheduled Task do the following steps to get the answer:

  1. Run CMD as a user who has been set for Scheduled Task to execute the PowerShell script
  2. Browse to the folder where the PowerShell script is located
  3. Execute the PowerShell script (remove all statements that block the error notifications if any exists inside of the script like $ErrorActionPreference= 'silentlycontinue')

You should be able to see all error notifications.

In case of one of my script it was:

"Unable to find type [System.ServiceProcess.ServiceController]. Make sure that the assembly that contains this type is loaded."

And in this case I have to add additional line at the begining of the script to load the missing assembly:

Add-Type -AssemblyName "System.ServiceProcess"

And next errors:

Exception calling "GetServices" with "1" argument(s): "Cannot open Service Control Manager on computer ''. This operation might require other privileges."

select : The property cannot be processed because the property "Database Name" already exists

Jessalin answered 7/9, 2018 at 10:10 Comment(1)
Nice! Simple but effective cmd.exe to the rescue. That immediately showed me an error indicating where I'd been stupid. :)Patio
B
3

Good morning,

I know this is an old thread but I just ran across it while looking for a similar problem - script was running successfully but not doing its work. I can't find the post that helped me but my issue was that I was running the script as the domain admin. When I followed the suggestion of the post and added the domain admin to the local administrator's group it worked. I hope this helps others with the same issue I had.

Joe

Beeeater answered 11/2, 2021 at 17:22 Comment(0)
A
2

Implemented the ExecutionPolicy Bypass argument to get the scheduled task working.

Program: Powershell.exe
Add Arguments: -ExecutionPolicy Bypass -File C:\pscommandFile.ps1
Attack answered 17/11, 2015 at 0:28 Comment(1)
Running the script as if it was "Run As Administrator" is not what the -ExecutionPolicy Bypass flag does. That flag simply allows the script to be run regardless of the current system PowerShell ExecutionPolicy.Sarnen
S
1

Found successful workaround that is applicable for my scenario:

Don't log off, just lock the session!

Since this script is running on a Domain Controller, I am logging in to the server via the Remote Desktop console and then log off of the server to terminate my session. When setting up the Task in the Task Scheduler, I was using user accounts and local services that did not have access to run in an offline mode, or logon strictly to run a script.

Thanks to some troubleshooting assistance from Cole, I got to thinking about the RunAs function and decided to try and work around the non-functioning logons.

Starting in the Task Scheduler, I deleted my manually created Tasks. Using the new function in Server 2008 R2, I navigated to a 4740 Security Event in the Event Viewer, and used the right-click > Attach Task to this Event... and followed the prompts, pointing to my script on the Action page. After the Task was created, I locked my session and terminated my Remote Desktop Console connection. WIth the profile 'Locked' and not logged off, everything works like it should.

Skill answered 15/8, 2013 at 23:1 Comment(0)
S
1

In addition to advices from above I was getting error and found solution on following link http://blog.vanmeeuwen-online.nl/2012/12/error-value-2147942523-on-scheduled.html.

Also this can help:

In task scheduler, click on the scheduled job properties, then settings.

In the last listed option: "if the task is already running, the following rule applies:" Select "stop the existing instance" from the drop down list.

Solfa answered 28/1, 2014 at 7:21 Comment(0)
H
1

I think the answer to this is relevant too:

Why is my Scheduled Task updating its 'Last Run Time' correctly, and giving a 'Last Run Result' of '(0x0)', but still not actually working?

Summary: Windows 2012 Scheduled Tasks do not see the correct environment variables, including PATH, for the account which the task is set to run as. But you can test for this, and if it is happening, and once you understand what is happening, you can work around it.

Holmen answered 16/9, 2015 at 15:53 Comment(1)
Also, not logging off changes this, and basically fixes it, so it might(?) be related to the answer here about not logging off, too?Holmen
T
1

One more idea that worked. It's really silly, but, apparently, the default target OS setting (bottom right corner of the screen) is Vista / Windows Server 2008. As we're past the 10 year mark, it is likely that your Powershell script will not be compatible to these.

Changing the target to Windows Server 2016, as shown on the screenshot below, did the trick for me.

Change the setting on the screenshot

Tm answered 3/4, 2019 at 2:57 Comment(0)
M
0

I was having almost the same problem as this but slightly different on Server 2012 R2. I have a powershell script in Task Scheduler that copies 3 files from one location to another. If I run the script manually from powershell, it works like a charm. But when run from Task Scheduler, it only copies the first 2 small files, then hang on the 3rd (large file). And I was also getting a result of "The operator or administrator has refused the request". And I have done almost everything in this forum.

Here is the scenario and how I fixed it for me. May not work for others, but just in case it will:

Scenario: 1. Powershell script in Task Scheduler 2. Ran using a domain account which is a local admin on the server 3. Selected 'Run whether user is logged on or not" 4. Run with highest priviledges

Fix: 1. I had to login to the server using the domain account so that it created a local profile in C:\Users. 2. Checked and made user that the user has access to all the drives I referred to on my script

I believe #1 is the main fix for me. I hope this works for others out there.

Myrmecophagous answered 15/4, 2015 at 19:39 Comment(1)
You could also run with -noprofile e.g: powershell.exe -noprofile -ExecutionPolicy Bypass -File foo.ps1Ind
C
0

If youu are having this problem under WIN 10 this might solve your problem as it did for me. An update messed up the task scheduler.

http://answers.microsoft.com/en-us/windows/forum/windows_10-performance/anniversary-update-version-1607-build14393-breaks/d034ab52-5d49-4b92-976a-a1355b5a6e6d?page=2

This comment solved my problem.

Your tip about "one-time" tasks works great - it will definitely be sufficient as a workaround until MS fixes the issue. The only advantage to "daily" as far as I can see is that lack of the arbitrary date associated with the run time. It might be confusing to others as to why the job is set to start on X date.

Trigger settings "Einmal" means "one-time", "Sofort" means "At once"

Circumstance answered 9/11, 2016 at 15:38 Comment(0)
C
0

In my case (the same problem) helped to add -NoProfile in task action command arguments and check checkbox "Run with highest privileges", because on my server UAC is on (active).

More info about it enter link description here

Caustic answered 20/1, 2017 at 9:27 Comment(0)
S
0

I have another solution for this problem that might apply to some of you.

After I created my power shell (xyz.ps1) script, I opened it in notepad for subsequent editing. Hence Windows made an association between my xyz.ps1 file with notepad.exe and Scheduler was trying to run my power shell script (xyz.ps1) with notepad.exe in the background instead of executing it in Powershell. I found this problem by paying close attention to "Display all running tasks" section in the scheduler, which showed that notepad.exe was being used to run the xyz.ps1 script. To verify this, I right clicked on my xyz.ps1 file in windows explorer, went to "Properties", and it showed Notepad against the "Opens With" section. Then I changed the "Opens With" to %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe. This did the trick. Now the scheduler would execute my xyz.ps1 using powershell.exe and gave me the desired results.

To locate your powershell.exe, refer to this article: https://www.powershelladmin.com/wiki/PowerShell_Executables_File_System_Locations

Statius answered 6/2, 2018 at 17:12 Comment(0)
W
0

I had very similar issue, i was keeping the VSC window with powershell script all the time when running the schedule task manually. Just closed it and it started working as expected.

Whitley answered 27/2, 2019 at 4:17 Comment(0)
J
0

I had the same issue, while running the couple of scripts. When i execute it manually from task scheduler, The script was executing flawlessly. But it was not executing at the scheduled time automatically.

The following resolution worked for me

Find the location of the powershell exe , Right click and go to security options,Add the "Authenticated users" to the group or user names and give full control.

Once this is done wait for the script to executed.

Johannisberger answered 14/11, 2019 at 11:7 Comment(0)
T
0

In my case it was related to a .ps1 referral inside the ps1 script which was not signed (you need to unblock it at the file properties) , also I added as first line:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

Then it worked

Temper answered 24/6, 2020 at 20:19 Comment(0)
A
0

My fix to this problem was to ensure I used the full path for all files names in the ps1 file.

Atween answered 25/6, 2020 at 16:53 Comment(0)
A
0

I had a similar problem where only half the script would run using task scheduler, but would run fine under the same account running the script manually. The problem was I was referencing my own module. When I added the functions directly to my script file, the task scheduler worked, but when I used the module task scheduler failed. The same coded (module) running under the same account worked fine without task scheduler.

I think this was some type of issue with how windows handles environment variables doing a run as. When I referenced the module via the full path (instead of module name) it worked from task scheduler.

Andizhan answered 1/4, 2021 at 18:22 Comment(0)
C
-1

I wanted to stop windows update ,so wrote a powershell script and scheduled using windows task scheduler with below configuration

Edit action and the set Program/script as your system path of powershell

%SystemRoot%\syswow64\WindowsPowerShell\v1.0\powershell.exe

Then Arguments are

-NoLogo -NonInteractive -ExecutionPolicy Bypass -noexit -File "G:\stopwinupdates.ps1"

G:/ is the path of my script to stop windows update

A snapshot the process

enter image description here

But the problem was that powershell console would open and wait for an user action to complete the task . Just closing powershell console would do the job but it was annoying ,so we need to check the attribute in the general Run whether user is logged in or not

enter image description here

Caudex answered 13/7, 2024 at 15:23 Comment(0)
L
-3

after trying a lot of time...

task scheduler : powershell.exe -noexit & .\your_script.ps1

be sure to put your script in this folder : windows\system32

good luck !

Loomis answered 8/2, 2015 at 20:50 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.