Monday, April 22, 2024

Report Scheduled Tasks on servers which have local or domain accounts configured


For one of our customers, I needed to create a report of all Scheduled Tasks on their servers with a local or domain account configured. They needed this report because they're switching to more strict Group Policies and they needed to know what user accounts should have the “Log on as a batch job” right. In this blog post, I'll show you how to create that report 🙂

Challenges

Creating a report should be easy, I thought; the Get-ScheduledTask should display the account configured. But it doesn't do that, unfortunately, so… Schtasks.exe should do that, right? Started creating a script using that and… It has issues connecting to servers, throwing ‘Cant retrieve XML…’ errors, and I couldn't get that to work reliably.

But… Scheduled Tasks are basically XML files that are stored in C:\Windows\System32\Tasks 🙂 So I started to create a script that parses those files and that gave me the results I wanted; I could now retrieve the Server, Task Name, and the credentials when the task was configured to run whether the user is logged on or not.

Running the script

When executing the “Scheduled Tasks inventory.ps1” script, it'll search for all Computer Accounts with a Windows Server operating system and parse all Task Schedules for credentials, skipping things like System, Local Service, etc.

In the example below, it runs against my Windows Server 2022 Domain Controller:

When done, it saves a CSV to the location specified at the top of the script; the report lists all Scheduled Tasks found that are not running as a built-in/system account:

The script

Below is the script that I made; change the $CSVlocation to the location and filename you prefer 🙂

# Requires the ActiveDirectory module (Get-ADComputer) and read access to the c$ share of each server
$total = @()
$CSVlocation = 'C:\Temp\ScheduledTasks.csv'
foreach ($server in Get-ADComputer -Filter * -Properties OperatingSystem | Where-Object OperatingSystem -Match 'Windows Server' | Sort-Object Name) {

    # Task definitions are XML files below \\server\c$\Windows\System32\Tasks
    try {
        $scheduledtasks = Get-ChildItem "\\$($Server.name)\c$\Windows\System32\Tasks" -Recurse -File -ErrorAction Stop
        Write-Host ("Retrieving Scheduled Tasks list for {0}" -f $server.Name) -ForegroundColor Green
    }
    catch {
        Write-Host ("Unable to retrieve Scheduled Tasks list for {0}" -f $server.Name) -ForegroundColor Red
        $scheduledtasks = $null
    }

    foreach ($task in $scheduledtasks | Sort-Object Name) {
        try {
            # Cast to [xml] so the Task/Principals/Settings elements can be read as properties
            $taskinfo = [xml](Get-Content -Path $task.FullName -ErrorAction Stop)
            Write-Host ("Processing Task {0} on {1}" -f $task.Name, $server.name)
        }
        catch {
            Write-Warning ("Couldn't read {0}" -f $task.FullName)
            $taskinfo = $null
        }
        
        # Keep enabled tasks only, and skip built-in/system principals and interactive (logon) tasks
        if ($taskinfo.Task.Settings.Enabled -eq 'true' `
                -and $taskinfo.Task.Principals.Principal.GroupId -ne 'NT AUTHORITY\SYSTEM' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'AnyUser' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'Authenticated Users' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'AllUsers' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'LocalAdmin' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'LocalService' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'LocalSystem' `
                -and $taskinfo.Task.Principals.Principal.Id -ne 'Users' `
                -and $taskinfo.Task.Principals.Principal.LogonType -ne 'InteractiveToken' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'Administrators' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'EVERYONE' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'INTERACTIVE' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'LOCAL SERVICE' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'NETWORK SERVICE' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'NT AUTHORITY\SYSTEM' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'SYSTEM' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'S-1-5-18' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'S-1-5-19' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'S-1-5-20' `
                -and $taskinfo.Task.Principals.Principal.UserId -ne 'USERS' `
                -and $taskinfo.Task.Triggers.LogonTrigger.Enabled -ne 'True' 
        ) {
            $foundtasks = [PSCustomObject]@{
                Server    = $Server.name
                TaskName  = $task.Name
                RunAsUser = $taskinfo.Task.Principals.Principal.UserId
            }    
            $total += $foundtasks
        }
    }
}

# Write the report as a semicolon-delimited CSV
$total | Sort-Object Server, TaskName | Export-CSV -NoTypeInformation -Delimiter ';' -Encoding UTF8 -Path $CSVlocation

Download the script(s) from GitHub here
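
The UserId in a task file may be a SID rather than a name (the filter above already checks S-1-5-18/19/20), so the RunAsUser column can contain raw SIDs. The following is an added example, not part of the author's script: it parses two constructed task definitions, resolves a SID to an account name where possible, and flags principals that run without an interactive session. The function name Get-TaskRunAs, the sample XML, and the reading of LogonType Password/S4U as "run whether the user is logged on or not" are assumptions of this example.

```powershell
# Added example. Both task definitions are constructed samples (SID and account are made up).
$samples = @{
    'Nightly Backup' = @'
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-1111111111-2222222222-3333333333-1105</UserId>
      <LogonType>Password</LogonType>
    </Principal>
  </Principals>
  <Settings><Enabled>true</Enabled></Settings>
</Task>
'@
    'Tray Updater'   = @'
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>CONTOSO\jdoe</UserId>
      <LogonType>InteractiveToken</LogonType>
    </Principal>
  </Principals>
  <Settings><Enabled>true</Enabled></Settings>
</Task>
'@
}

function Get-TaskRunAs {
    param([string]$TaskName, [string]$Xml)
    $doc = [xml]$Xml
    foreach ($p in $doc.Task.Principals.Principal) {
        $id = if ($p.UserId) { $p.UserId } else { $p.GroupId }
        $account = $id
        if ($id -match '^S-1-') {
            try {
                # Resolve the SID to DOMAIN\name when this machine or its domain knows it
                $sid = [System.Security.Principal.SecurityIdentifier]::new($id)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch { $account = $id }   # deleted account or unreachable domain: keep the raw SID
        }
        [PSCustomObject]@{
            TaskName   = $TaskName
            RunAsUser  = $account
            LogonType  = $p.LogonType
            # Assumption: Password and S4U are the non-interactive ("logged on or not") modes
            BatchLogon = ($doc.Task.Settings.Enabled -eq 'true') -and ($p.LogonType -in 'Password', 'S4U')
        }
    }
}
$samples.GetEnumerator() | ForEach-Object { Get-TaskRunAs -TaskName $_.Key -Xml $_.Value } | Format-Table -AutoSize
```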
