User-created (sch)tasks Invisible When Run

Cavaldi · 10 Nov 2012

SCENARIO
On startup several tasks are added to schtasks via a GPO startup script:
schtasks /create /xml "X:\task 1.xml" /ru "COMPUTER NAME\USER NAME" /rp PASSWORD /tn "Imported Task 1"
etc.

Via a batch script in Programs\Startup these tasks are then run:
schtasks /run /tn "Imported Task 1"
etc.

PROBLEM
Although the programs launched by the tasks all run (as the user), they run invisibly and can not be seen (by the user) in Task Manager unless "Show processes from all users" is clicked.

OBSERVATIONS
The tasks were set to "run only when the user is logged on" when they were exported, but after importing they are all set to "run whether the user is logged on or not".
By ending the processes of the tasks in Task Manager, ending the tasks in Task Scheduler and resetting them to "run only when user is logged on" and then running them, the tasks run visibly as intended.

QUESTION
Is there any way to force/import/set tasks to "run only when user is logged on" (from the command line)?

Cavaldi · 12 Nov 2012

I managed to resolve the situation. This solution is only for trusted environments.

See next post for a better solution.

My particular scenario is somewhat complicated. Without going into detail, the computer is locked-down (running Returnil, similar to Steady-State) and the software is virtualized (Symantec Workspace Virtualization). I had the GPO startup script and a non-elevated batch file which is run on startup to play with.

As the user account has no password it was difficult to import a task with elevated privileges intended to run visibly.

Via the GPO script a temporary password was created*1, the tasks then imported with an /it switch to run them interactively*2 and the password removed*3. The tasks were then started from the script*4. (The tasks were delayed (with NirSoft's nircmd) so the virtualized layers had time to load.*5 The layers themselves are loaded with delay too, earlier, to give them some time.)

*1 net user USERNAME PASSWORD
*2 schtasks /create /xml "X:\Task.xml" /ru USERNAME /rp PASSWORD /tn TASKNAME /it
*3 net user USERNAME ""
*4 schtasks /run /tn TASKNAME
(*5 nircmd cmdwait 6000 exec hide schtasks /run /tn TASKNAME)

Some issues emerged as a result of the temporary password. An environment variable called SEE_MASK_NOZONECHECKS with a value of 1 was created to prevent Open File - Security Warnings*6 and network passwords were cached to prevent network password dialogs*7. I placed these commands in the non-elevated startup.bat, as they didn't work from the GPO startup script.

*5 setx SEE_MASK_NOZONECHECKS 1
*6 cmdkey /add:COMPUTERNAME /user:USERNAME /pass:""

Cavaldi · 13 Nov 2012

Rems of petri.co.il suggested a better solution:

Provided the exported task was created without using a password, schtasks /create /xml FILENAME /tn TASKNAME will not only import the task with highest privileges, but the task can be started from a non-elevated batch file. It also prevents problems with network passwords.

Unfortunately, the Open File - Security Warnings persist for certain shortcuts. Adding .lnk to the GPO *1 would be a safer solution but, given my particular scenario and the relatively safe environment, setx SEE_MASK_NOZONECHECKS 1 remains the easiest approach.*2

*1 Google "File Open - Security Warning" GPO for more information.
*2 See previous post.