Running a Batch File from Task Scheduler Without User being logged In

Solution 1:

TASK SCHEDULER: SCHEDULED BATCH SCRIPT NOT RUNNING

Task Scheduler Properties. . .

From Windows Task Scheduler on the job Properties (see bottom most screen shots) in the. . .

  • 1. General tab, ensure that the below options are select/checked or unchecked just as shown in Print Screen A

    • Uncheck Run only when user is logged on
    • Check Run whether user is logged on or not
    • Check Run with the highest privileges
  • 2. Conditions tab, ensure that the below options are select, checked, or unchecked just as shown in Print Screen B

    • Check Wake the computer to run this task
  • 3. Actions tab, click Edit, and ensure that the Start in (optional) is set just as shown in the below example (DO NOT put double quote marks around it) for the full path pointing where the batch script is located WITHOUT a final backslash "\" Print Screen C


SECURITY CONSIDERATIONS

  • Once you press OK (2. above) it should prompt you for the credential to run this as, and that credential is what will need access to EXECUTE the batch file where it exist, and it will also need access to do whatever the batch file is running that you scripted out.

  • It may be best to setup a static service/proxy user account for this process and then use its credentials to run the process. You'd need to ensure its password is strong and it set to never expire—and it needs access to EXECUTE the batch and run whatever the batch scripted process is running and any commands and resources, ect. it utilizes as well.

  • It seems the option Run whether user is logged on or not you MUST check the option Run with highest privileges for it to actually run as expected from the Task Scheduler.

Error Checking

  • If there is an issue with the actual batch script but the Windows Task Scheduler actually does execute it to run it but the batch script logic errors out, etc. for whatever reason, the Task Scheduler may not see this failure at this level. From its perspective (by default most of the time), it’s executing the batch file so as long as it can execute it and has access to do so, its job is done successfully.

  • Add error checking or logging to the batch script logic to catch (or troubleshoot) issues at this level including ensuring that the security context which the batch scheduler executes it as has appropriate access to commands, resources, etc. which the batch script runs as.


Group Policy Considerations

CHECK GROUP POLICY AND LOG ON AS A BATCH JOB PERMISSIONS

Answer: On Windows, this privilege is granted through the Local or Domain Security Policy. To do this using the Local Security Policy, follow these steps.

  1. In the Control Panel, open Administrative Tools, then Local Security Policy.
  2. Beneath Security Settings, open Local Policies and highlight User Rights Assignment.
  3. Locate Log on as a batch job. Open the properties and add any users that need this right.
  4. When finished, save your changes and close the Local Security Settings window.

Your changes should take effect immediately. To make changes to the Domain Security Policy, on a domain controller, use the Domain Security Policy utility in the Control Panel


Batch Script Logic with Mapped Drives or Full UNC Path, and issues. . .

If your script is referencing a mapped network drive but you want it to Run whether the user is logged on or not, then under this context, the drive mapping may not actually be there for the batch process to do what’s expected.

If possible, use UNC paths in your batch script logic rather than a mapped drive letter to avoid issues. Otherwise, you may need to use PUSHD \\ServerName\ShareName at the beginning of the batch process and then use POPD at the end of the batch process. You could map the drive with NET USE X: \\ServerName\ShareName at the beginning of the batch process and then disconnect the drive with NET USE X: /DELETE at the end of the batch process.

  • NET USE
  • PUSHD
  • POPD

OTHERS

  • MS HOTFIX (KB977353): Group Policy Immediate Task preference item does not run on a client computer that is running Windows 7 or Windows Server 2008 R2

  • Look at the scheduled task's Settings tab and the option listed as Stop the task if it runs longer than:. If this option is check and the time period is less than a script that's running, Task Scheduler will kill it early and thus you may not get the expected results. This is something else to check when troubleshooting just in case.

    enter image description here

  • From the Triggers tab of the scheduled task when you select the Edit option be sure to set the Start: time and date are of a value that's NOT already passed. Be sure that this has the date and time set to that of a value in the Future. Otherwise you may notice that the job states that it's scheduled to run at the next scheduled time as you'd expect; however, it doesn't get executed by Task Scheduler nor does the Task Scheduler History tab show that it is ever executed (because it's not). Simply edit the trigger and update it with a future date and/or time to resolve this issue if you're experiencing it.

    enter image description here


PRINT SCREENS

Print Screen A

enter image description here

Print Screen B

enter image description here

Print Screen C

enter image description here