task scheduler “Run task as soon as possible…”

Welcome Forums General PowerShell Q&A task scheduler “Run task as soon as possible…”

Viewing 2 reply threads
  • Author
    Posts
    • #285532
      Participant
      Topics: 4
      Replies: 7
      Points: 11
      Rank: Member

      Hello all,

      I’m trying to create a script that remotely gives a user admin permissions to their system and also creates a scheduled task locally on their system to remove the admin permissions 6 hours later.

      I ‘ve got just about everything working except creating the task.  I have been unable to identify a way to create a task with the setting “run task as soon as possible after a scheduled start is missed”.  I noticed some people online bring this up and a work around seems to be referencing an xml file instead.  I then created a task and exported it for an xml template.

      Can someone tell me if i am going about this the correct way, and if so, i will show my error message and maybe you can point out my issue.

      Go easy on me in any explanations please.  I’m a powershell newbie.

      Thank you!

      Error returned…
      “Cannot validate argument on parmeter ‘xml’…”

    • #285535
      Participant
      Topics: 5
      Replies: 263
      Points: 1,045
      Helping Hand
      Rank: Community Hero

      The error message is key here.  Something is not correct in your xml, so without seeing that, it’s hard to say what is wrong.  More important however is the logic behind what you are doing.  Why would you give someone admin privileges for 6 hours and remove them with a scheduled task? Once they have admin privileges they can just delete the task and keep it.  Are you just blindly trusting the user or relying on user ignorance to enforce security?  Whatever is driving this need I’m sure there is a better way even if the user needs admin privileges on the local machine for 6 hours, a better way to do it is with a GPO on the domain.

    • #285541
      Participant
      Topics: 10
      Replies: 206
      Points: 1,010
      Helping Hand
      Rank: Community Hero

      Have you tried this:

      invoke-command -computername $pcname -scriptblock { Register-scheduledtask -xml $Using:finalxml -taskname AdminPermissionRemoval -Principal $Using:principal }
      I second Mike R. thoughts and suggestion. Giving admin for 6 hours is a bad idea.
Viewing 2 reply threads
  • You must be logged in to reply to this topic.