Create scheduled task to run at user log-on as user him/herself

  • 26 October 2020
  • 4 replies

Userlevel 4

Hi everyone

We sometimes have a requirement to replicate the behaviour of GPOs that run in the user context. This means you need to execute a task under the currently logged-on user and trigger it to occur only when the user logs on.

To achieve this, we can use a scheduled task with 2 special settings:

  1. It is triggered only when a user logs on

  2. It runs under the context of the local “USERS” group.

With #2, you are able to access all the usual user-context-specific data such as %USERNAME%, HKCU, etc. And, this approach makes the scheduled task run under the context of ANY user that logs on. Say, for example, you have 2 users, USERA and USERB, logging on: the scheduled task will take on the security context of USERA or USERB depending on who logs on.

Unfortunately, you cannot achieve this with the New-ScheduledTask cmdlet. You will have to use COM programming. Here’s the code:

$ShedService = New-Object –comobject 'Schedule.Service'
$ShedService.Connect()   # connect to the local Task Scheduler service before using it

$Task = $ShedService.NewTask(0)   # the argument is reserved and must be 0
$Task.RegistrationInfo.Description = "Test Task - Runs when user logs on, and under user's context"
$Task.Settings.Enabled = $true
$Task.Settings.AllowDemandStart = $true

$trigger = $Task.Triggers.Create(9)   # 9 = TASK_TRIGGER_LOGON
$trigger.Enabled = $true

$action = $Task.Actions.Create(0)   # 0 = TASK_ACTION_EXEC
$action.Path = "cmd.exe"
$action.Arguments = "/c echo %temp% > c:\temp\out.txt"

$taskFolder = $ShedService.GetFolder("\")
# 6 = TASK_CREATE_OR_UPDATE; "Users" is the group principal; 4 = TASK_LOGON_GROUP
$taskFolder.RegisterTaskDefinition("Run at user logon", $Task, 6, "Users", $null, 4)

You can examine the file “c:\temp\out.txt” and see that the text in there points to the temporary folder of the user who just logged on.
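A way to audit for tasks registered like this, as an added example that is not part of the original post: it walks the task folders through the same Schedule.Service COM object and lists every task whose principal is a group (logon type 4, the last argument to RegisterTaskDefinition above), together with its triggers and actions. The function name Get-GroupPrincipalTask is an assumption made for this example.

```powershell
# Added example (not from the original post): report scheduled tasks that run
# as a group principal, i.e. as whichever member of that group logs on.
$TASK_LOGON_GROUP   = 4   # principal logon type used by the post's task
$TASK_TRIGGER_LOGON = 9   # trigger type used by the post's task
$TASK_ACTION_EXEC   = 0
$TASK_ENUM_HIDDEN   = 1   # include hidden tasks in the enumeration

$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()

# Hypothetical helper name; recurses through every task folder.
function Get-GroupPrincipalTask {
    param($Folder)

    foreach ($task in $Folder.GetTasks($TASK_ENUM_HIDDEN)) {
        $def = $task.Definition
        if ($def.Principal.LogonType -ne $TASK_LOGON_GROUP) { continue }

        # Show the command line for exec actions, the type number otherwise.
        $actions = foreach ($a in $def.Actions) {
            if ($a.Type -eq $TASK_ACTION_EXEC) { "$($a.Path) $($a.Arguments)".Trim() }
            else { "(non-exec action, type $($a.Type))" }
        }
        $triggerTypes = @(foreach ($t in $def.Triggers) { $t.Type })

        [pscustomobject]@{
            Path         = $task.Path
            Enabled      = $task.Enabled
            GroupId      = $def.Principal.GroupId
            RunLevel     = $def.Principal.RunLevel
            LogonTrigger = $triggerTypes -contains $TASK_TRIGGER_LOGON
            TriggerTypes = $triggerTypes -join ','
            Actions      = $actions -join '; '
            Author       = $def.RegistrationInfo.Author
        }
    }
    foreach ($sub in $Folder.GetFolders(0)) {
        Get-GroupPrincipalTask -Folder $sub
    }
}

Get-GroupPrincipalTask -Folder $service.GetFolder('\') |
    Sort-Object Path |
    Format-List
```

Run it from an elevated session, since a standard user only sees the tasks they are allowed to read.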

4 replies

This is awesome! Thank you!

Userlevel 3

This is really useful! Except, I can't get it to run from an Automox worklet. Copied this code exactly and pasted it in remediation. It runs just fine if I open PowerShell and paste it in. It also runs just fine when I run PowerShell under system context per Automox’s worklets KB “PsExec.exe -s -i %windir%\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe”. But for the life of me, I can't get it to successfully run in a worklet. Here is the error I am seeing in the activity log.

At C:\ProgramData\amagent\execDir696801407\execcmd716541906.ps1:5 char:89
+ … tion = “Test Task - Runs when user logs on, and under user’s context”
+ ~~~~~~~~~~~
The string is missing the terminator: '.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : TerminatorExpectedAtEndOfString
COMMAND TIMED OUT.

Userlevel 1

Hi David,

There is an issue with the hyphen on the first line (before “comobject”). Removing that character and retyping it by hand will allow the worklet to run.

Userlevel 3

Thanks, that fixed the issue. I was replacing quotes and just about everything else trying to figure that one out. Surprised it ran just fine in a local PowerShell session.

I am using $trigger = $task.triggers.Create(7) which launches the app immediately in the user session and then unregistering the task. Works very slick.