Permissions or ACL for Scheduled Tasks
I am on a Windows Server 2012 R2 and the logged in account is a member of Administrators.
This is a screen shot of Task Scheduler:
I have tasks in folders another administrator created: RPA
and Test
. Running schtasks /query
, it lists only the \
and Microsoft
folders.
If I run schtasks
in an elevated shell, I can see all the folders and tasks. What properties of a task make it visible or not visible to a user? The two tasks in the Test folder were created by me the logged-in user, ie I am shown as the Author.
I am not related to the Microsoft's tasks in anyway, yet those tasks are listed.
Where is permissions or access control for Scheduled Tasks managed?
Solution 1:
The API provides a documented mechanism to set and query the ACL for a task or a task folder, but this doesn't seem to be exposed by the GUI or command line user interfaces.
On older versions of Windows, it appears that the permissions are stored in the file system so you can view and/or modify them by looking at the permissions on the files and folders in the c:\windows\system32\Tasks
folder.
On Windows 10, the permissions are stored in the registry. Unfortunately, that leaves you with no built-in tools for manipulating them. A Google search failed to turn up any third-party tools either. See also this question.