Can't modify task "Reboot" in win10 home

Solution 1:

windows 10 home [...]

upset that there's some setting that I can't modify in my own computer ... I want to know why

You answer your own question. Home is for home users who do not necessarily have the capability to manage or maintain their systems. In locking home users out of some settings like this Microsoft are making some attempt to prevent the horrors of the XP era of unpatched systems where people have turned off updates because they don't understand why they need them and the implications of not getting them.

On to the guts of your question. S-1-5-18 is the LocalSystem user, this is a highly privileged account that normal users, even administrators, are not supposed to be able to interfere with on a day to day basis.

The idea is that we control windows through the userland tools and the operating system will make the necessary changes to the underlying processes that execute as system. Hence your inability to take control of the task you mention. The theory is that you don't change things here, you should be changing them in the graphical interface that you access through the usual settings window.

However there are tricks that you can use to bypass these protections.

To run with the privileges of SYSTEM you can do the following:

  • Get a copy of PSEXEC from sysinternals
  • Run the following in an Administrative CMD window
    • PSEXEC /S CMD.EXE

This will give you a command shell running as SYSTEM in session 0. From here you can execute commands as that user, meaning you will be able to change the function of those scheduled tasks

SCHTASKS /Change is your most likely option, from here you can take control of the tasks, stop, start, delete

Solution 2:

Success. After much trying, this is what works for me on Windows 10 Home. Download PSExec.

PSEXEC /S CMD.EXE
SCHTASKS /Change /tn "\Microsoft\Windows\UpdateOrchestrator\Reboot" /DISABLE
You should get: SUCCESS: The parameters of scheduled task "\Microsoft\Windows\UpdateOrchestrator\Reboot" have been changed.

Solution 3:

I'm using Windows 10 Pro and was having a similar issue. I wasn't able to change my "Wake the computer to perform this task" setting on the reboot task using the task scheduler UI, but found I eventually could using this method:

Using psexec as Patrick suggested:

  1. Run a command prompt as administrator.
  2. Navigate to where the psexec executable is located.
  3. Run .\psexec -s -i cmd.exe to open a new cmd window.
  4. In the new cmd window run taskschd.msc (or %windir%\system32\taskschd.msc).
  5. Edit your task like before. You shouldn't be prompted for credentials.

I started looking for a solution for this when Windows would wake my computer from sleep to force a reboot. The problem is my bootloader pins the CPU at 100% while it waits for my input. My laptop is often closed when this happens and it becomes hot to the touch. I'm worried for my desktop too, which hasn't been acting normal since I started finding it sitting at the bootloader in the morning, with all the fans on.

Solution 4:

windows_update_reboot_toggle.bat
Disable protected reboot and wake tasks. No external tools needed. Built-in undo.

@echo off &title Windows Update Reboot Toggle
reg query "HKEY_USERS\S-1-5-20\Environment" /v TEMP >nul 2>nul || goto need_admin_rights

set "updatetasks=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator"
call :check_status "%updatetasks%\Reboot"
echo.
echo      ---------------------------------------------------------------------
echo     :                  Windows Update Reboot Toggle v4.6                  :
echo     :---------------------------------------------------------------------:
echo     : Prevent protected reboot and wake to run tasks without disabling WU :
echo     :           Just run this script again to toggle tasks on/off         :
echo     :                                                                     :
echo     :                          Currently: %STATUS%%_%                     :
echo     :                                                                     :
echo     : Press Alt+F4 to cancel                    Always run latest version :
echo      ---------------------------------------------------------------------
echo       All-around Windows Update Toggle available at https://git.io/vx2et
echo.
timeout /t 10 &echo.

:: Use Reg_TakeOwnership snippet to unprotect UpdateOrchestrator task cache registry keys
reg add "%updatetasks%\Reboot" /v checkrights /d 1 /f >nul 2>nul || call :reg_takeownership "%updatetasks%" Administrators recursive
reg delete "%updatetasks%\Reboot" /v checkrights /f >nul 2>nul
:: Toggle Reboot task
call :toggle_task "%updatetasks%\Reboot"
:: Toggle Schedule Retry Scan task
call :toggle_task "%updatetasks%\Schedule Retry Scan"
:: Update status
call :check_status "%updatetasks%\Reboot"
echo.

:: Done!
echo -------------------------------------
echo  Windows Update Reboot Tasks now: %STATUS%
echo -------------------------------------
echo.
pause
exit

::----------------------------------------------------------------------------------------------------------------------------------
:: Utility functions
::----------------------------------------------------------------------------------------------------------------------------------
:check_status %1:TaskCache entry in registry
reg query "%~1" /v "Id_OFF" >nul 2>nul && set "STATUS=OFF" || set "STATUS=ON!"
set "_=        " &if "%STATUS%"=="OFF" ( color 0c ) else color 0b
exit/b

:toggle_task %1:TaskCache entry in registry
reg query "%~1" /v "Id_OFF" >nul 2>nul && set "isOFF=1" || set "isOFF="
reg query "%~1" /v "Id" >nul 2>nul && set "isOFF=" || set "isOFF=1"
if defined isOFF ( call :reg_query "%~1" "Id_OFF" ID_BACKUP ) else call :reg_query "%~1" "Id" ID_BACKUP
if defined isOFF ( reg delete "%~1" /v "Id_OFF" /f &reg add "%~1" /v "Id" /d %ID_BACKUP% /f )
if not defined isOFF ( reg delete "%~1" /v "Id" /f &reg add "%~1" /v "Id_OFF" /d %ID_BACKUP% /f )
exit/b

:reg_takeownership %1:regkey[ex:"HKCU\Console"] %2:_user[optional, default:"Administrators"] %3:_recursive[optional, default:""]
set "s10=$dll0='[DllImport(''ntdll.dll'')]public static extern int RtlAdjustPrivilege(ulong a,bool b,bool c,ref bool d);'; $ntdll="
set "s11=Add-Type -Member $dll0 -Name NtDll -PassThru; foreach($i in @(9,17,18)){$null=$ntdll::RtlAdjustPrivilege($i,1,0,[ref]0)};"
set "s12=function Reg_TakeOwnership { param($hive, $key, $own, $inherit=$false);"
set "s13= $reg=[Microsoft.Win32.Registry]::$hive.OpenSubKey($key,'ReadWriteSubTree','TakeOwnership');"
set "s14= $acl=New-Object System.Security.AccessControl.RegistrySecurity; $acl.SetOwner($own); $reg.SetAccessControl($acl);"
set "s15= $acl.SetAccessRuleProtection($false,$false);$reg.SetAccessControl($acl);"
set "s16= $reg=$reg.OpenSubKey('','ReadWriteSubTree','ChangePermissions'); if($inherit){"
set "s17= $rule=New-Object System.Security.AccessControl.RegistryAccessRule($own,'FullControl','ContainerInherit','None','Allow');"
set "s18= $acl.ResetAccessRule($rule);$reg.SetAccessControl($acl);} }; $rk=$regkey -split '\\\\',2; $key=$rk[1];"
set "s19=switch -regex ($rk[0]) { '[mM]'{$HK='LocalMachine'};'[uU]'{$HK='CurrentUser'}; default {$HK='ClassesRoot'}; }; $HK; $key;"
set "s20=if($user -eq ''){$user='Administrators'}; [System.Security.Principal.NTAccount]$owner=$user; $rcsv=($recursive -ne '');"
set "s21=Reg_TakeOwnership $HK $key $owner $true; if($rcsv){$r=[Microsoft.Win32.Registry]::$HK.OpenSubKey($key);"
set "s22=foreach($sk in $r.GetSubKeyNames()){$sk; try{ Reg_TakeOwnership $HK $($key+'\\'+$sk) $owner }catch{} }} "
setlocal & for /l %%# in (10,1,22) do call set "ps_RegTakeOwnership=%%ps_RegTakeOwnership%%%%s%%#:'=\"%%"
powershell.exe -c " $regkey='%~1';$user='%~2';$recursive='%~3'; %ps_RegTakeOwnership%;"
endlocal & exit/b                                         AveYo: call :reg_takeownership "HKLM\MyKey" "NT Service\TrustedInstaller"

:reg_query %1:KeyName %2:ValueName %3:OutputVariable %4:other_options[example: "/t REG_DWORD"]
setlocal & for /f "skip=2 delims=" %%s in ('reg query "%~1" /v "%~2" /z 2^>nul') do set "rq=%%s" & call set "rv=%%rq:*)    =%%"
endlocal & set "%~3=%rv%" & exit/b                                              AveYo: call :reg_query "HKCU\MyKey" "MyValue" MyVar

:need_admin_rights
color 0c&echo. &echo  PERMISSION DENIED! Right-click %~nx0 ^& Run as administrator &timeout /t 60 &color 0f&title %COMSPEC% &exit/b
::end