TaskScheduler: Unable to add a task - AccessDenied

In Windows any unprivileged user can create a task for yourself in Interactive Token mode (“run only when user is logged on”). Looks like I can’t do that via TaskService. I’ve tried 2 ways:

	TaskService.Instance.AddTask("app_"+sid, QuickTriggerType.Logon, path, "-agent");

and

	using (var ts = new TaskService())
	{
		var td = ts.NewTask();
		td.Actions.Add(path, "-agent");
		var tr = td.Triggers.AddNew(TaskTriggerType.Logon);
		td.Principal.LogonType = TaskLogonType.InteractiveToken;
		ts.RootFolder.RegisterTaskDefinition("app_" + sid, td);
	}

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 21 (9 by maintainers)

Most upvoted comments

After doing a little more research and testing, I found that in order to use the LogonTrigger as a non-privileged user you must specify the current user’s account (DOMAIN\username) in the UserId property and register the task as either interactive (default) or with the user account and password.

The following will work.

var td = ts.NewTask();
td.Actions.Add("notepad", null, null);
td.Triggers.Add(new LogonTrigger { UserId = System.Security.Principal.WindowsIdentity.GetCurrent().Name });
ts.RootFolder.RegisterTaskDefinition("Test", td);

Given this, I will be updating this library to automatically set that property in this condition.

+5
dahall on Apr 25, 2018
Read more comments on GitHub
← TaskScheduler: Trying to connect to a remote machine but I always have access denied error
TaskScheduler: Unable to connect to Server 2019 to manage tasks →