search

dahall / TaskScheduler

Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.
MIT License
1.21k stars 191 forks source link

Is RegisteredTask.SetSecurityDescriptor available? #851

Closed albefly closed 4 years ago

albefly commented 4 years ago

Thank you for the great product!

I have some problems with the scheduled tasks I made. I created a new task (highest privileges, interactive token, the user should be logged in). Then I realized that the task should be runnable under another non-admin account, so I manually provided the admin username/password to the task and changed the logon type to run it whenever user logged in or not. I switched the account and tried to run the task. I got an error "access denied".

I can fix the problem by applying PS script to change SDDL, but what is the right way to register task with the following parameters:

Thank you! Alex.

dahall commented 4 years ago

Have you tried the Task.SetSecurityDescriptorSddlForm method?

dahall commented 4 years ago

There is also a Task.SetAccess method that resembles the use of File.SetAccess with an object-based approach to setting the elements of access control.

To answer your 3-point question, you use:

TaskDefinition td = ts.NewTask();
td.Principal.RunLevel = TaskRunLevel.Highest;
// Set other task properties here
Task task = ts.RootFolder.RegisterTaskDefinition("YourTaskName", taskDefinition,
   TaskCreation.CreateOrUpdate, "YourDomain\\YourPrivilegedUser", "userPassword",
   TaskLogonType.Password);

// Setup task security descriptor, pulling detail from current task.
var taskSec = new TaskSecurity(task);
// Give any authenticated user the ability to read, update or run the task
taskSec.AddAccessRule(new TaskAccessRule(new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), TaskRights.Read | TaskRights.Write | TaskRights.Execute, AccessControlType.Allow));
// Apply to task
task.SetAccess(taskSec);

I haven't tested this, but it should work, or get you pretty close.

albefly commented 4 years ago

Thank you so much, I will try it today.

dahall commented 4 years ago

Did that work? May I close this issue?

albefly commented 4 years ago

Yes, it is working fine. Thank you!

On August 31, 2020 8:59:04 PM David Hall notifications@github.com wrote:

Did that work? May I close this issue? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.