Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: Scheduled Task Scheduler UAC Windows Vista 7 RunWithLogon wntRunAsUser Local System
Here is some background:
The RunWithLogon() function makes direct use of a Win32 API function, CreateProcessWithLogonW(), which performs an interactive logon using the specified credentials. Because the logon is interactive, it is subject to automatic token filtering via UAC. This means that even if the credentials passed to RunWithLogon() are for an admin account, the access-token that is created for the child process will be a filtered admin token that has no more privileges than a normal user.
If the Task Scheduler runs scheduled tasks as the Local System account in service mode rather than as interactive tasks in the user's session, then the scripts will have admin rights locally but won't have any identity on the network except for that of the computer on which the script is running. By running as local system, though, it is permissible for the script to call the wntRunAsUser() function [in the Win32 Network Extender] to create a service mode or batch mode access-token that can then be impersonated by the script to have a specific admin account identity both on the local system and on the network.
Of course, all scheduled tasks set up to run as Local System have to be created by a user currently running with admin rights, so even this method doesn't allow a normal user to bypass UAC if it is enabled in order to set up the scheduled tasks.
Article ID: W18320
Filename: Scheduled Tasks.txt
File Created: 2011:09:12:10:39:40
Last Updated: 2011:09:12:10:39:40