i’m trying to import a XML Task Scheduler task with a actionscript.
The command is working on command prompt and also in the fixlet debugger under system account.
But i’m loosing my hairs, it does not work when launching the task on the target computer with bigfix.
Here is the command:
action uses wow64 redirection {not x64 of operating system}
if {name of operating system = “Win7”}
waithidden schtasks.exe /create /RU “SYSTEM” /TN “Sysmon alert script” /XML “c:\Sysmon\alertscript\Sysmon alert script.xml” /F
This command also work on QNA under system account:
the scheduled task is not registered while it work by hand on command prompt or systemed QNA test…
It looks like the QnA under system account does not have the same behaviour as “true” BESclient service account…
It looks like the command is executing, but giving an error result.
You could try wrapping the command in a CMD shell, so you can capture any command-line error messages.
Also check whether the script has normal double quotes or “smart quotes”
Hello,
I have already done this trick by the past, the log file was empty.
Anyway, i have finally found a workaround, i do this with powershell and it work as excepeted.
For windows 10 in one line from BigFix:
waithidden { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -executionpolicy ByPass -windowstyle hidden -nologo -NoProfile -Command “Register-ScheduledTask -xml (Get-Content ‘C:\Sysmon\alertscript\Sysmon alert script.xml’ | Out-String) -TaskName ‘Sysmon alert script’ -TaskPath ‘Scripts’ -User SYSTEM -Force”
And for Windows 7 who does not handle the Register-ScheduledTask commandlet , i run a script from bigfix:
waithidden { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -executionpolicy ByPass -windowstyle hidden -nologo -NoProfile -File “C:\Sysmon\alertscript\Win7_RegisterTask.ps1”