NassauSky
Posted September 4, 2023 (edited)

Turns out the schtasks command doesn't seem to have a query that returns the ONLOGON tasks, so I'm looking for another way to do so.

I then noticed the files inside the C:\Windows\System32\Tasks folder are XML files which tell you the state of the triggers in a particular node.

Now I need a way to parse those system files. Parsing isn't the problem, but being that they have a System attribute stumps me. I don't want to change their attributes because if the app ever crashes then they'll be left without the system attribute set.

First option is if I can read them directly.

2nd option: I looked at the RunAs command to copy the files to a temp location to read, but I didn't see an option to RunAs with system credentials.

    RunAs("myUser", @ComputerName, "myPass", $RUN_LOGON_INHERIT, "cmd /k copy C:\Windows\System32\Tasks\*. C:\Temp\Tasks")

All I need to know is which services are triggered ONLOGON, so if there is a less intrusive way to do this I'm all ears.

Thanks!

Edited September 4, 2023 by NassauSky

argumentum
Posted September 4, 2023

37 minutes ago, NassauSky said:
> Parsing isn't the problem but being that they have a System attribute stumps me.

Curious by your post I went there. Read each file with notepad running as administrator. I guess all you need is #RequireAdmin.

Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting.

Andreik
Posted September 5, 2023 (edited)

    #RequireAdmin
    #include <Array.au3>

    $aLogonTasks = GetLogonTasks()
    _ArrayDisplay($aLogonTasks)

    ; Returns the names of the tasks in $sFolder whose XML contains a LogonTrigger.
    ; Element [0] of the returned array holds the count (StringSplit default).
    Func GetLogonTasks($sFolder = '\')
        Local $sResult
        Local $oScheduleService = ObjCreate('Schedule.Service')
        $oScheduleService.Connect()
        Local $oRoot = $oScheduleService.GetFolder($sFolder)
        ; Flag 0: hidden tasks are not included; subfolders are not visited
        Local $oCollection = $oRoot.GetTasks(0)
        For $oTask In $oCollection
            If StringInStr($oTask.XML, 'LogonTrigger') Then $sResult &= $oTask.Name & Chr(1)
        Next
        ; Drop the trailing separator, then split into an array
        Return StringSplit(StringTrimRight($sResult, 1), Chr(1))
    EndFunc

Or something like this.

Edited September 5, 2023 by Andreik

NassauSky (Author)
Posted September 5, 2023

@argumentum and @Andreik I apologize for not mentioning that option, and thanks. There has to be a way, though, without using RequireAdmin, which raises a UAC dialog, which hampers the whole project I'm working with.

argumentum
Posted September 5, 2023

2 hours ago, NassauSky said:
> without using RequireAdmin which raises a UAC dialog which hampers the whole project I'm working with.

If you are just making a query with Andreik's code, the admin level was not required in my testing.

Andreik
Posted September 5, 2023 (edited)

Without #RequireAdmin it won't return all tasks. Basically it won't return tasks that have the option "Run with the highest privileges" checked.

Quote:
> there has to be a way though without using RequireAdmin

I highly doubt that. It would be total nonsense for Windows to let you access the Tasks directory from System32 or TaskCache from the registry without admin privileges.

Edited September 5, 2023 by Andreik
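
An added example, not code from any poster in this thread, that builds on the Schedule.Service query shown earlier: it walks every task folder, includes hidden tasks, tests the trigger type instead of searching the XML text, and shows whether each logon trigger is enabled and whether the task is set to run with the highest privileges. The helper name _WalkFolder and the report layout are assumptions made for this example; the numeric constants are the Task Scheduler 2.0 COM values.

```autoit
#include <Array.au3>

; Added example, not from the thread. Values from the Task Scheduler 2.0 COM API.
Global Const $TASK_ENUM_HIDDEN = 1      ; GetTasks() flag: include hidden tasks
Global Const $TASK_TRIGGER_LOGON = 9    ; ITrigger.Type of a logon trigger
Global Const $TASK_RUNLEVEL_HIGHEST = 1 ; IPrincipal.RunLevel, "Run with the highest privileges"

; Row 0 is the header; one row is appended per logon trigger found.
Local $aReport[1][4] = [['Task path', 'Trigger enabled', 'Logon user', 'Highest privileges']]

Local $oService = ObjCreate('Schedule.Service')
If Not IsObj($oService) Then Exit MsgBox(16, 'Error', 'Cannot create Schedule.Service')
$oService.Connect()
_WalkFolder($oService.GetFolder('\'), $aReport)
_ArrayDisplay($aReport, 'Tasks with a logon trigger')

; Hypothetical helper: collect the logon-triggered tasks of $oFolder,
; then descend into each of its subfolders.
Func _WalkFolder($oFolder, ByRef $aReport)
    For $oTask In $oFolder.GetTasks($TASK_ENUM_HIDDEN)
        Local $oDef = $oTask.Definition
        For $oTrigger In $oDef.Triggers
            If $oTrigger.Type <> $TASK_TRIGGER_LOGON Then ContinueLoop
            ; An empty UserId means the trigger fires for any user who logs on
            Local $sUser = $oTrigger.UserId
            If $sUser = '' Then $sUser = '(any user)'
            Local $aRow[1][4] = [[$oTask.Path, $oTrigger.Enabled, $sUser, _
                    ($oDef.Principal.RunLevel = $TASK_RUNLEVEL_HIGHEST)]]
            _ArrayAdd($aReport, $aRow)
        Next
    Next
    For $oSub In $oFolder.GetFolders(0)
        _WalkFolder($oSub, $aReport)
    Next
EndFunc
```

Comparing the output of an elevated and a non-elevated run shows which tasks the current token cannot see.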