Analysis: Scheduled Tasks with the Account that's running it

Hi All, Looking to create an analysis that will list all Scheduled Tasks and the account that runs each one. I have found a snippet ( names of scheduled tasks ) that will produce a list of all of the tasks, but I would like to marry each scheduled task with the account that’s running it. Then I can produce a Web Report with all of the items. Any hints or direction would be greatly appreciated. Thanks!

Hello!

I don’t want to spoil it for you so here is a hint: http://support.bigfix.com/inspectors/Task%20Objects_Any.html

You should find the property you’re looking for on that page. The inspector reference is incredibly useful for finding things like this.

If you can’t find it reply back and I’ll spoil the hint and give you the relevance you need to find the account running the task!

Thank you for the link. I did find that - and that’s where I found the “names of scheduled tasks” part. But concatenating it with the user ID has been unsuccessful. My relevance skills are about a 2 of 10… I would in no way be offended if you were to throw in a spoiler. Thank YOU for the help.

Here you go:


Take a look at the inspector guide and let me know if that relevance makes sense to you -- if it doesn't let me know and we can deep dive it!
2 Likes

Thank you so very much. I have it running in an analysis and it’s working well. I do “get” some of it. ( see how I did that :) ) It’s a kind offer and I would like very much to do a deep dive at some point. I’m used to VBS and some PowerShell. Relevance to me is backwards.

1 Like

Relevance is a read only query language, which limits it, but also makes it very useful.

Relevance has more in common with something like WMI than VBS, excluding the active parts of WMI that can make changes. There are other similar non-Windows examples like osquery, Facter, and others.

I actually quite like the distinction of having something that is strictly read only.

I also like the power that comes with relevance substitution, pairing the read only inside a script that makes changes in an action.

1 Like

So to give you some background – I’ve never had to get the User ID for a scheduled task. I got interested when I saw your post and went through the inspector guide to figure it out.

It can be hard to explain relevance like this but here we go!

Relevance is object oriented so to do anything we need to create an object. To do this we use creation methods.

The creation method for scheduled tasks is, “Scheduled Tasks” (defined here): http://support.bigfix.com/inspectors/Task%20Objects_Any.html#scheduled task

If we run this in Fixlet debugger we get the following:

Q: scheduled tasks
E: This expression evaluates to an unrepresentable object of type “scheduled task”
T: 171.249 ms

This is a good error. This means that we have a list of scheduled tasks but it doesn’t know how to show us what a scheduled task looks like.

So how do we represent a scheduled task? A name works. If we look at the guide we see under “Properties” that there is a “name of <scheduled task>”. Let’s give that a shot.

Q: names of scheduled tasks
A: Optimize Start Menu Cache Files-S-1-5-21-1440172557-2372731197-1498938429-1104
A: Optimize Start Menu Cache Files-S-1-5-21-2832046585-3437359362-1061037012-1001
A: Optimize Start Menu Cache Files-S-1-5-21-2832046585-3437359362-1061037012-500
A: Optimize Start Menu Cache Files-S-1-5-21-2907966901-224744048-3677943571-1103
A: Test
A: .NET Framework NGEN v4.0.30319

T: 172.375 ms

Cool! Now we have the names of all the tasks. Now onto the real goal – let’s get the user the task will run as.

My first instinct… search the inspector page for “User” and find “user id of <task principal>”.

This could work except that we have objects of type “Scheduled Task”, not “Task Principal”, so we need to somehow turn “Scheduled Task” into “Task Principal” so we can get the user ID of it.

So we find the Task Principal object in the inspector guide and see its creation method: “principal of <task definition>”. This will give us a Task Principal object from a task definition object.

Ok… well that’s closer – but we still have the same issue, we have a Scheduled Task object not a task definition object.

So let’s look at the task definition object!

Here we find a creation method: “definition of <scheduled task>”. This will give us a task definition object from a scheduled task object.

Now we can combine them all together:

Scheduled Tasks
Definitions of (Scheduled Tasks)
Principals of (Definitions of (Scheduled Tasks))
User IDs of (principals of (definitions of (scheduled tasks)))

2 Likes