
In the Task Scheduler I have a task using the SYSTEM account that runs a batch file. The user (non-administrator) has another batch file that runs the task. How can the user's batch set a variable that can be used by the task's batch?

Jason

1 Answer


Dynamically set a variable value in a batch script that'll be executed by Task Scheduler

Since you clarified and confirmed the following:

  1. You need the variable value in the batch script that the Task Scheduler executes as SYSTEM to be set to a value that matches the SID of the user that runs the login script
  2. You can use a local file path per machine for the script location the Task Scheduler will execute
  3. You will never have more than one user signing onto the same OS concurrently that'll execute this script

I've written this solution up as a separate answer with more detail of the approach suggested.

You will want to ensure the following:

  • Confirm the correlated Scheduled Task name is set up on each machine that will execute the batch script locally
  • Confirm that each correlated Scheduled Task on each machine that is executed with schtasks all point to the same one standard batch script path and file name.

Batch [Login] Script Example

I reused the logic you already have set up for this, but I added a few extra variables and conditional IF logic that will create the local folder on the local machine where the batch script will reside if it does not already exist, and delete the batch file in that folder if it does already exist, since it's created per run.

Essentially this will create a dynamic batch script each time it is executed (at login). The batch script it creates will contain the Reg Add logic and commands with the SID portion values being that of the user the login script ran for at their login. So when the Task Scheduler executes the script, this will ensure the script always has the needed value added per login/script execution.

@ECHO ON

REM Folder and file name of the batch script the Scheduled Task will run
SET LocalDir=C:\localfolder
SET TaskScript=TaskScript.cmd

REM Create the folder if it is missing; remove the script generated by the last run
IF NOT EXIST "%LocalDir%" MD "%LocalDir%"
IF EXIST "%LocalDir%\%TaskScript%" DEL /Q /F "%LocalDir%\%TaskScript%"

REM The second column of "whoami /user" output is the current user's SID
for /f "tokens=2" %%i in ('whoami /user /fo table /nh') do set usersid=%%i

REM Write the reg add command (with this user's SID) into the task script
ECHO reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%usersid%" /v "State" /t REG_DWORD /d 128 /f>>"%LocalDir%\%TaskScript%"

REM Trigger the Scheduled Task, which runs the generated script as SYSTEM
schtasks /run /tn "My Profile Changer"

Scheduled Task

You will only need to ensure that the task which you tell schtasks to execute (i.e. "My Profile Changer") points to the same full path as you specify in the login batch script for the SET LocalDir= and SET TaskScript= variable values.

So if the login script variables equal C:\localfolder\TaskScript.cmd, then this is the same value you want the Program/Script field to point to. I would also suggest putting the SET LocalDir= variable value in the Start in (optional): field, but you will NOT need to add any arguments, so leave the Add Arguments (optional): field blank (see the screenshot below).

[screenshot of the Task Scheduler action fields described above]


  • I like the idea. Instead of setting the value to variable, you're writing the value to a file. My only issue is that this introduces a security hole: TaskScript.cmd is user-modifiable and they could trigger the task to elevate themselves. So I'm going to change this to only write the value, and have another script read that value. – Jason Jun 22 '17 at 15:25
  • @Jason I suppose writing just a value rather than the whole script would work as well. Security-wise, they will need the same access to the folder the file with the value resides in. I'm familiar with telling batch to read the content of a file from a list or whatever and then to set that as a variable in the rest of the batch processing. Maybe at least I've helped you come up with a different strategy that will suffice. Just note that you control the login script logic and it has the logic to first delete the task batch that'll execute if it exists and then write it with only the logic you allow. – Vomit IT - Chunky Mess Style Jun 22 '17 at 15:58
  • @Jason I just wanted you to note that even if the user creates the script, it'll not be executed with that logic unless they run schtasks from the command line or the GUI Task Scheduler. You can also create logic after schtasks completes to delete the batch script and the folder so it'll not exist and the end-user would have to create both and then have command line access, or Task Scheduler GUI access, and know what to execute. – Vomit IT - Chunky Mess Style Jun 22 '17 at 16:01
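The direction Jason takes in the comments (the login script writes only the SID, and the task's own script reads it back) removes the problem of a SYSTEM task executing a user-writable batch file, but the value file is still user-writable, so the SYSTEM side should treat its contents as untrusted input and check that it is nothing more than a well-formed SID before splicing it into a registry path. The two batch files below are an added example, not code from the question, the answer or the comments. They assume the value file C:\localfolder\usersid.txt, a task script stored under a path only administrators can write to (C:\Program Files\ProfileChanger\TaskScript.cmd is an assumed name), and the task name "My Profile Changer" from the answer. Both files are shown in one block separated by REM banners; save each under its own name.

```batch
@ECHO OFF
REM ===== File 1: login script, runs as the signed-in (non-admin) user =====
REM Writes ONLY the user's SID to a value file. No commands are written, so the
REM file cannot carry logic into the SYSTEM context. Paths are assumptions.
SET "LocalDir=C:\localfolder"
SET "ValueFile=%LocalDir%\usersid.txt"

IF NOT EXIST "%LocalDir%" MD "%LocalDir%"
IF EXIST "%ValueFile%" DEL /Q /F "%ValueFile%"

REM The second column of "whoami /user" output is the SID
for /f "tokens=2" %%i in ('whoami /user /fo table /nh') do set "usersid=%%i"

REM Parentheses keep a trailing space out of the written line
(ECHO %usersid%)>"%ValueFile%"

schtasks /run /tn "My Profile Changer"
EXIT /B 0


@ECHO OFF
REM ===== File 2: C:\Program Files\ProfileChanger\TaskScript.cmd (assumed path) =====
REM The Scheduled Task runs this as SYSTEM. Keep it where only administrators can
REM write, so the user cannot change the commands the task executes. The value
REM file below IS user-writable, so nothing in it is trusted until validated.
SET "ValueFile=C:\localfolder\usersid.txt"

IF NOT EXIST "%ValueFile%" (
    ECHO No value file found; nothing to do.
    EXIT /B 1
)

REM Reject the whole file if ANY line is not a well-formed account SID of the
REM form S-1-5-21-<digits>-<digits>-<digits>-<digits>. findstr /V prints lines
REM that fail the whole-line (/X) pattern and returns 0 when it printed any.
findstr /R /V /X "S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*" "%ValueFile%" >NUL
IF NOT ERRORLEVEL 1 (
    ECHO Value file rejected: contents are not a single account SID.
    EXIT /B 1
)

REM Take only the first line; the check above guarantees it is digits and dashes
SET "usersid="
for /f "usebackq delims=" %%i in ("%ValueFile%") do IF NOT DEFINED usersid SET "usersid=%%i"
IF NOT DEFINED usersid (
    ECHO Value file is empty.
    EXIT /B 1
)

REM Same write the answer performs, now with a validated SID component
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%usersid%" /v "State" /t REG_DWORD /d 128 /f

REM Consume the value so a stale file is not reused by a later run
DEL /Q /F "%ValueFile%"
EXIT /B 0
```

The pattern admits only S-1-5-21 SIDs (local and domain user accounts); widen it if the task must handle other SID families. Validation bounds what a tampered value file can cause to the same State write against a different ProfileList key, because the user still chooses the value; whether that residual effect is acceptable depends on what State=128 means in your environment. The point the comments make still applies to the script location: the task script itself must not live in the user-writable folder, or the validation can simply be edited out.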