Update Task Scheduler job password on multiple machines

Here's the deal: the company's policy is to update Service Account passwords every 180 days. Problem is, I'm using those service accounts on about 20 servers, running various jobs - so every 180 days, I have to spend like 4 hours updating them all (if not for KeepassXC's autotype, would take me more like 2 days, gotta love RDP to DC half world away).

There has to be a better way, but what would it be?

We're talking about W2k12r2.


Solution 1:

You should be able to accomplish this with a little PowerShell. This article provides a quick and easy method to update scheduled task credentials. The code below was taken from https://nointerrupts.com/2018/10/18/update-scheduled-task-password-with-powershell/.

$TaskCredential = Get-Credential
Get-ScheduledTask | Where-Object { $_.Principal.UserId -eq $TaskCredential.UserName } | Set-ScheduledTask -User $TaskCredential.UserName -Password $TaskCredential.GetNetworkCredential().Password

To run the update remotely across several machines, save the below as Set-ScheduledTaskCredentials.ps1.

Note: You will need WinRM set up on all the servers for this to work.

Param(
  [Parameter(Mandatory=$true,ValueFromPipeline=$true)][string[]]$ComputerName,
  [Parameter(Mandatory=$true)][PSCredential]$Credential,
  [Parameter(Mandatory=$true)][PSCredential]$TaskCredential
)

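Invoke-Command -ComputerName $ComputerName -Credential $Credential -ScriptBlock {
  # Compare on the bare account name; [-1] works with or without a DOMAIN\ prefix,
  # whereas [1] is $null for a bare name and would match tasks that have no UserId.
  $TaskUser = ($using:TaskCredential).UserName.Split('\')[-1]
  Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -eq $TaskUser } |
    Set-ScheduledTask -User ($using:TaskCredential).UserName -Password ($using:TaskCredential).GetNetworkCredential().Password
}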

Then you should be able to run it like this.

$AdminCredential = Get-Credential # Supply the admin credentials for remote access
$TaskCredential = Get-Credential # Supply the new credentials for the service account
.\Set-ScheduledTaskCredentials.ps1 -ComputerName server1.example.com,server2.example.com -TaskCredential $TaskCredential -Credential $AdminCredential
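
An added example, not part of the answer above or the linked article: the same remote update wrapped so that it first reports which tasks on which servers run as the service account, changes them only when asked, and returns a per-host result so that a task left on the old password is visible. The function name `Update-ServiceAccountTask` and the `-Apply` switch are hypothetical; it assumes WinRM is available as noted above.

```powershell
# Added example. Update-ServiceAccountTask and -Apply are hypothetical names.
function Update-ServiceAccountTask {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][PSCredential]$Credential,      # admin account used for WinRM
        [Parameter(Mandatory)][PSCredential]$TaskCredential,  # service account with its new password
        [switch]$Apply                                        # omit to report only
    )
    $doApply = [bool]$Apply   # a plain bool serializes cleanly through $using:
    $remote = @{
        ComputerName  = $ComputerName
        Credential    = $Credential
        ErrorAction   = 'SilentlyContinue'   # keep going when one server fails
        ErrorVariable = 'remoteErrors'
    }
    $rows = Invoke-Command @remote -ScriptBlock {
        $cred  = $using:TaskCredential
        $short = $cred.UserName.Split('\')[-1]   # bare name, with or without DOMAIN\
        $tasks = Get-ScheduledTask | Where-Object {
            # Skip principals without a UserId (group-based tasks)
            $_.Principal.UserId -and $_.Principal.UserId.Split('\')[-1] -eq $short
        }
        foreach ($task in $tasks) {
            $status = 'Found'
            if ($using:doApply) {
                try {
                    $plain = $cred.GetNetworkCredential().Password
                    $task | Set-ScheduledTask -User $cred.UserName -Password $plain -ErrorAction Stop | Out-Null
                    $status = 'Updated'
                } catch {
                    $status = "Failed: $($_.Exception.Message)"
                }
            }
            [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Status = $status }
        }
    }
    # A server that could not be reached returns no rows, so report it explicitly.
    # For connection failures the error's TargetObject holds the computer name.
    foreach ($e in $remoteErrors) {
        [pscustomobject]@{ PSComputerName = $e.TargetObject; Task = $null; Status = "Error: $($e.Exception.Message)" }
    }
    $rows | Select-Object PSComputerName, Task, Status
}
```

Run it once without `-Apply` to review the list, then again with `-Apply`; any row whose Status is not `Updated` still needs attention on that server.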