Scheduled Task problem

Archived from groups: microsoft.public.windowsxp.general (More info?)

I have a PC running Windows XP Pro with 5 user accounts (2 x admin for me &
the missus + 3 x limited user accounts for the kids) + a guest account.

I want to be able to restrict the hours that the kids & guest can use the
PC. I have set log on times for them using net use so that problem is
sorted.

I want to run a batch file which will log them off at a specific time. I've
got the batch file sorted but I am having trouble with the task scheduler.

I thought I could hide the batch file in a hidden folder, log on as each of
the kids and schedule a task. The chances are they wouldn't be able to find
the file if it was hidden. Problem with this is that I need to know their
passwords - one of them I don't so can't schedule the task. Also, it is not
possible to schedule a task when you log on as a guest. Finally, they could
easily delete the task from task scheduler.

So the big question is: Is it possible to schedule a task from an
administrator account that will run on 3 limited user accounts + the guest
account but not on the administrator accounts?
8 answers Last reply
More about scheduled task problem
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    PC TimeWatch
    http://www.mainsoft.fr/en/pctwoverview.htm

    --
    Carey Frisch
    Microsoft MVP
    Windows XP - Shell/User
    Microsoft Newsgroups

    -------------------------------------------------------------------------------------------

    "Goonerak" wrote:

    | I have a PC running Windows XP Pro with 5 user accounts (2 x admin for me &
    | the missus + 3 x limited user accounts for the kids) + a guest account.
    |
    | I want to be able to restrict the hours that the kids & guest can use the
    | PC. I have set log on times for them using net use so that problem is
    | sorted.
    |
    | I want to run a batch file which will log them off at a specific time. I've
    | got the batch file sorted but I am having trouble with the task scheduler.
    |
    | I thought I could hide the batch file in a hidden folder, log on as each of
    | the kids and schedule a task. The chances are they wouldn't be able to find
    | the file if it was hidden. Problem with this is that I need to know their
    | passwords - one of them I don't so can't schedule the task. Also, it is not
    | possible to schedule a task when you log on as a guest. Finally, they could
    | easily delete the task from task scheduler.
    |
    | So the big question is: Is it possible to schedule a task from an
    | administrator account that will run on 3 limited user accounts + the guest
    | account but not on the administrator accounts?
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Goonerak wrote on Mon, 29 Aug 2005:

    >So the big question is: Is it possible to schedule a task from an
    >administrator account that will run on 3 limited user accounts + the guest
    >account but not on the administrator accounts?

    Hi Goonerak

    Yes, I think it should work.

    First, your problem of not knowing one of the kids' passwords for
    Scheduled Tasks -- you can get round that by allowing Scheduled Tasks to
    run without a password. To do this:

    In Start > Run type gpedit.msc <OK>.
    In the Group Policy dialog navigate to: Local Computer Policy\Computer
    Configuration\Windows Settings\Security Settings\Local Policies\Security
    Options [phew!]

    In the right-hand pane the 3rd option down says: "Accounts: Limit local
    account use of blank passwords to console logon only" -- right-click on
    this for Properties and set to Disabled. Close the program.

    Now you can go to Scheduled Tasks (still from your admin account). For
    this purpose it's easier to bypass the Add Task wizard (because we need
    access to the settings tabs) and just go to File > New > Scheduled Task.
    A new task will appear in the window with default settings; give it a
    name, then right-click and choose Properties to get the New Task
    settings box.

    On the Task tab fill in the details for the program you want to run. In
    Run As: replace your username with your chosen victim's, and make sure
    to check the box Run Only if Logged On -- you'll see then that the Set
    Password button will fade itself out.

    Make any other settings you want on the Schedule and Settings tabs, then
    OK your way out. You'd need to repeat this for each of the kids, plus
    Guest; on my computer the Guest account is disabled, but I tried setting
    a task as above in the Guest name, and the Scheduler seemed to accept
    it.

    Hope this helps -- good luck!

    --
    Nightowl
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    David Candy wrote on Wed, 31 Aug 2005:

    >So if they don;t have passwords anyone anywhere can log in by guessing
    >their username, like Administrator.

    Hi David

    Not sure I follow you: changing the setting in Group Policy to allow
    Scheduled Tasks to run without a password doesn't remove the requirement
    for a login password, if one has been set.

    --
    Nightowl
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    So if they don;t have passwords anyone anywhere can log in by guessing their username, like Administrator.

    --
    --------------------------------------------------------------------------------------------------
    http://webdiary.smh.com.au/archives/_comment/001075.html
    =================================================
    "Nightowl" <owl@[127.0.0.1]> wrote in message news:vZEK7Gh8fGFDFwaQ@black.hole...
    > Goonerak wrote on Mon, 29 Aug 2005:
    >
    >>So the big question is: Is it possible to schedule a task from an
    >>administrator account that will run on 3 limited user accounts + the guest
    >>account but not on the administrator accounts?
    >
    > Hi Goonerak
    >
    > Yes, I think it should work.
    >
    > First, your problem of not knowing one of the kids' passwords for
    > Scheduled Tasks -- you can get round that by allowing Scheduled Tasks to
    > run without a password. To do this:
    >
    > In Start > Run type gpedit.msc <OK>.
    > In the Group Policy dialog navigate to: Local Computer Policy\Computer
    > Configuration\Windows Settings\Security Settings\Local Policies\Security
    > Options [phew!]
    >
    > In the right-hand pane the 3rd option down says: "Accounts: Limit local
    > account use of blank passwords to console logon only" -- right-click on
    > this for Properties and set to Disabled. Close the program.
    >
    > Now you can go to Scheduled Tasks (still from your admin account). For
    > this purpose it's easier to bypass the Add Task wizard (because we need
    > access to the settings tabs) and just go to File > New > Scheduled Task.
    > A new task will appear in the window with default settings; give it a
    > name, then right-click and choose Properties to get the New Task
    > settings box.
    >
    > On the Task tab fill in the details for the program you want to run. In
    > Run As: replace your username with your chosen victim's, and make sure
    > to check the box Run Only if Logged On -- you'll see then that the Set
    > Password button will fade itself out.
    >
    > Make any other settings you want on the Schedule and Settings tabs, then
    > OK your way out. You'd need to repeat this for each of the kids, plus
    > Guest; on my computer the Guest account is disabled, but I tried setting
    > a task as above in the Guest name, and the Scheduler seemed to accept
    > it.
    >
    > Hope this helps -- good luck!
    >
    > --
    > Nightowl
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    David Candy wrote on Wed, 31 Aug 2005:

    >Admin accounts usually don't have passwords. Admin accounts names are
    >easily guessable as most haven't been renamed (as they should be).

    Mine all have passwords. I am sure the OP's do too, since he and his
    wife have admin accounts, with limited user accounts for the kids..

    >One needs to know two things to logon to a computer - name and
    >password. It easy to guess name=administrator and password=blank.

    Agreed, and that is a security risk.

    >Windows won't allow the world to use blank passwords. Your suggestion
    >would allow it.

    David, you are famously laconic :-) I *think* what you're saying is that
    after making this policy change, a hacker could remotely log into an
    account that is not password-protected; whereas, before making the
    change, he would have to be physically at the machine?

    I'm not so sure that Windows without the change would (or could) keep a
    determined hacker out. The answer to your point, surely, is to make sure
    all accounts are password-protected.

    --
    Nightowl
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Admin accounts usually don't have passwords. Admin accounts names are easily guessable as most haven't been renamed (as they should be).

    One needs to know two things to logon to a computer - name and password. It easy to guess name=administrator and password=blank. Windows won't allow the world to use blank passwords. Your suggestion would allow it.

    --
    --------------------------------------------------------------------------------------------------
    http://webdiary.smh.com.au/archives/_comment/001075.html
    =================================================
    "Nightowl" <owl@[127.0.0.1]> wrote in message news:fKI2$tAN1NFDFwt4@black.hole...
    > David Candy wrote on Wed, 31 Aug 2005:
    >
    >>So if they don;t have passwords anyone anywhere can log in by guessing
    >>their username, like Administrator.
    >
    > Hi David
    >
    > Not sure I follow you: changing the setting in Group Policy to allow
    > Scheduled Tasks to run without a password doesn't remove the requirement
    > for a login password, if one has been set.
    >
    > --
    > Nightowl
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    David Candy <?.?@?.?.invalid> wrote on Thu, 1 Sep 2005:

    >My point is that this is dangerous advice and should be given carefully
    >and WITH WARNINGS.
    >

    Hi David

    I take your point. I learned the "run Task Scheduler without a password"
    trick here in the ng, and up to now hadn't seen anyone objecting to it
    for security reasons.

    I can't help thinking that someone, shall we say "unaware" enough to run
    administrator accounts without a password would not be looking to do
    what the OP wanted to do.

    But you saw a loophole, and thank you for giving that warning. If I give
    this tip in future I will be sure to include it.

    --
    Nightowl
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    My point is that this is dangerous advice and should be given carefully and WITH WARNINGS.

    --
    --------------------------------------------------------------------------------------------------
    http://webdiary.smh.com.au/archives/_comment/001075.html
    =================================================
    "Nightowl" <owl@[127.0.0.1]> wrote in message news:fJCGfHGlfPFDFwNh@black.hole...
    > David Candy wrote on Wed, 31 Aug 2005:
    >
    >>Admin accounts usually don't have passwords. Admin accounts names are
    >>easily guessable as most haven't been renamed (as they should be).
    >
    > Mine all have passwords. I am sure the OP's do too, since he and his
    > wife have admin accounts, with limited user accounts for the kids..
    >
    >>One needs to know two things to logon to a computer - name and
    >>password. It easy to guess name=administrator and password=blank.
    >
    > Agreed, and that is a security risk.
    >
    >>Windows won't allow the world to use blank passwords. Your suggestion
    >>would allow it.
    >
    > David, you are famously laconic :-) I *think* what you're saying is that
    > after making this policy change, a hacker could remotely log into an
    > account that is not password-protected; whereas, before making the
    > change, he would have to be physically at the machine?
    >
    > I'm not so sure that Windows without the change would (or could) keep a
    > determined hacker out. The answer to your point, surely, is to make sure
    > all accounts are password-protected.
    >
    > --
    > Nightowl
Ask a new question

Read More

Microsoft User Accounts Windows XP