Update Task Scheduler job password on multiple machines
Here's the deal: the company's policy is to update Service Account passwords every 180 days. Problem is, I'm using those service accounts on about 20 servers, running various jobs - so every 180 days, I have to spend like 4 hours updating them all (if not for KeepassXC's autotype, would take me more like 2 days, gotta love RDP to DC half world away).
There has to be a better way, but what would it be?
We're talking about W2k12r2.
Solution 1:
You should be able to accomplish this with a little PowerShell. This article provides a quick and easy method to update scheduled task credentials The code below was taken from https://nointerrupts.com/2018/10/18/update-scheduled-task-password-with-powershell/.
$TaskCredential = Get-Credential
Get-ScheduledTask | Where-Object { $_.Principal.UserId -eq $TaskCredential.UserName } | Set-ScheduledTask -User $TaskCredential.UserName -Password $TaskCredential.GetNetworkCredential().Password
To run the update remotely across several machines save the below as Set-ScheduledTaskCredentials.ps1.
Note: You will need WinRM set up on all the servers for this to work
Param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)][string[]]$ComputerName,
[Parameter(Mandatory=$true)][PSCredential]$Credential,
[Parameter(Mandatory=$true)][PSCredential]$TaskCredential
)
Invoke-Command -ComputerName $ComputerName -Credential $Credential -ScriptBlock { Get-ScheduledTask | Where-Object { $_.Principal.UserId -eq ($using:TaskCredential).UserName.Split('\')[1] } | Set-ScheduledTask -User ($using:TaskCredential).UserName -Password ($using:TaskCredential).GetNetworkCredential().Password }
Then you should be able to run it like this.
$AdminCredential = Get-Credential # Supply the admin credentials for remote access
$TaskCredential = Get-Credential # Supply the new credentials for the service account
.\Set-ScheduledTaskCredentials.ps1 -ComputerName server1.example.com,server2.example.com -TaskCredential $TaskCredential -Credential $AdminCredential