Task Scheduler permissions problem

Discussion in 'Server Security' started by Nev George, Aug 27, 2004.

  1. Nev George

    Nev George Guest

    Hi there,

    We are running Windows Server 2003.

    I have a batch file that backs up our servers using ntbackup, and it
    runs fine.

    I have tried adding it as a scheduled task using the AT scheduler.

    At the beginning of my batch file is a "net use" command to map a
    network drive. This executes fine when I run the batch file myself as
    administrator, but as a scheduled task it prompts for a password.

    I assumed this was occuring due to a permission issue with the Local
    System account, which is the account that the Task Scheduler runs under
    by default. So, under the Task Scheduler's Log On properties I changed
    it to use an administrator a/c. When I try to restart the service I get
    the error message:

    "Error 1079: The account specified for this service is different from
    the account specified for other services running in the same process".

    Anyone have any idea what the problem is, and what I can do it rememdy

    Any information is very much appreciated :)

    Nev George, Aug 27, 2004
  2. I am unsure if you are using the AT command line tool or the Scheduled Tasks wizard.
    If you have not tried it yet, schedule the task with the AT command and change the
    service back to the system account. The link below details on how to use that AT
    command. --- Steve

    Steven L Umbach, Aug 27, 2004
  3. Nev George

    Nev George Guest

    hi Steven,

    Thankyou for your reply.

    It is the AT command that I'm using ... I believe my syntax of the AT
    command is correct.

    The problem I'm having is that I cannot run a NET USE command within
    this batch file when this batch file is run as a scheduled task in AT.
    If I run this batch file manually it works fine. But when it's run from
    AT scheduler I am prompted to enter a password when the NET USE command
    is issued. This sounds like a permissions issue ... ?

    I've experienced similar happenings with NT4 (and have read in
    newsgroups of other users having such probs) and it can be fixed by
    assigning the Scheduler service an administrator account to "log on as".
    But with Win Serv 2003 I cannot use an admin a/c since the "error 1079"
    comes up as mentioned in my first post.

    Hope I've made better sense this time :)


    Nev George, Aug 27, 2004
  4. Oh, you're changing the account the scheduled task service is using to log

    Don't do this. The error message is correct. Scheduled Tasks service must
    have the same logon account as several other services, and if i recall
    correctly, it is undesirable to change the account for the other services.
    Besides, this is less than ideal security.

    Instead, change the service back to run as local system, then use the
    Scheduled Tasks GUI folder in Explorer or Control Panel to change the
    properties of that scheduled task to log in with the admin ID and password.
    I don't believe the AT command gives you the ability to make this change,
    although I believe you can create tasks with AT and then change their logon
    account in the GUI folder.

    You're right that by default, scheduled tasks only have permissions to local
    resources and no network resources.
    Karl Levinson [x y] mvp, Aug 27, 2004
  5. OK. I think Karl's post may have the solution for you. --- Steve
    Steven L Umbach, Aug 27, 2004
  6. Nev George

    Nev George Guest

    Karl & Steven,

    Thank you very much for your responses, they are much appreciated!!

    I tried your suggestion just now Karl and it seems to be working.

    Is it possible to make the task run interactively? It makes it easier to
    diagnose problems when you can see it happening.

    Thanks again :)

    Nev George, Sep 3, 2004
  7. Nev George

    Nev George Guest

    You can ignore this one guys, I have found how to make the command
    interactive - by using the schtasks command line program with the /IT
    switch. Only problem is that it will only be interactive if the account
    the task is running under is the same one that is logged onto the server
    console at the time. But that's better than nothing :)

    Thanks again!

    Nev George, Sep 4, 2004
