Schedule task queries

I see a lot of ways to find a scheduled task in Windows using the Task Name. The problem we have is that none of our customers or System Admins used a standard name for scheduled tasks used to reboot a system.

Is there a way to find a scheduled task that has “shutdown” in the task to run (AKA Action)?
Not just “shutdown” but that would be in the command somewhere itself.
shutdown -r -f -t 300 -c "Example of the command"

This way we can find all scheduled tasks using the shutdown command.


@D.Dean The Find feature in the console, which works great for Fixlets and Tasks, does not filter on the contents of the action scripts, so I think we will have to use Session Relevance.

In Web Reports, open your QNA page.
https://BigFixWR.customer.com:####/webreports?page=QNA

There will be a nice Q: waiting for you.
Try this query to find the names and IDs of actions that have shutdown in their action script.
Tweak your contains as needed.

Q: (name of it, id of it, state of it) of bes actions whose (action script of it as string as lowercase contains "shutdown")

Could be made into a regular Custom Web Report if you need it more than just once.

I realize I answered a completely different question than you asked.

Are you wondering how to use Client Relevance to detect, on Windows endpoints, Scheduled Tasks which will shut down Windows?

I suspect you want to explore the Scheduled Task inspector:
https://developer.bigfix.com/relevance/reference/scheduled-task.html

Most likely in the XML of Scheduled Tasks

Found similar posting here:

A tweak to that XML parsing relevance gives you the names and actions of ALL of the scheduled tasks.

q: (name of it, node values of child nodes of xpaths ("xmlns:a='http://schemas.microsoft.com/windows/2004/02/mit/task'", "/a:Task/a:Actions/a:Exec/a:Command") of xml documents of xmls of it) of scheduled tasks

Then we Whose on item 1 to filter for only ones that have our shutdown string.

q: (name of it, node values of child nodes of xpaths ("xmlns:a='http://schemas.microsoft.com/windows/2004/02/mit/task'", "/a:Task/a:Actions/a:Exec/a:Command") of xml documents of xmls of it) whose (item 1 of it as lowercase contains "shutdown") of scheduled tasks

I should be able to work with that. I appreciate the help.

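Added example, not part of the thread and not BigFix code: the same XPath idea in Python, run over constructed task XML, showing that a search of `<Command>` alone misses a task that launches shutdown through `cmd.exe`, where the string sits in the sibling `<Arguments>` element. The task names and XML bodies are made up for illustration; `exec_actions`, `find_tasks` and `command_only_hits` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Task Scheduler XML namespace (same URI as in the relevance queries above).
NS = {"a": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
_T = ('<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
      "<Actions>{}</Actions></Task>")

# Constructed sample task definitions, keyed by a made-up task name.
SAMPLE_TASKS = {
    "Nightly reboot": _T.format(
        "<Exec><Command>shutdown</Command>"
        '<Arguments>-r -f -t 300 -c "Example of the command"</Arguments></Exec>'),
    "Patch window": _T.format(
        "<Exec><Command>cmd.exe</Command>"
        "<Arguments>/c SHUTDOWN.EXE /r /t 60</Arguments></Exec>"),
    "Disk cleanup": _T.format(
        "<Exec><Command>cleanmgr.exe</Command>"
        "<Arguments>/sagerun:1</Arguments></Exec>"),
}


def exec_actions(task_xml):
    """Return (command, arguments) for every Exec action in one task's XML."""
    root = ET.fromstring(task_xml)
    return [(node.findtext("a:Command", "", NS).strip(),
             node.findtext("a:Arguments", "", NS).strip())
            for node in root.findall("a:Actions/a:Exec", NS)]


def find_tasks(tasks, needle="shutdown"):
    """Map task name -> full command lines containing needle (case-insensitive)."""
    hits = {}
    for name, xml_text in tasks.items():
        lines = [f"{cmd} {args}".strip() for cmd, args in exec_actions(xml_text)]
        matched = [line for line in lines if needle.lower() in line.lower()]
        if matched:
            hits[name] = matched
    return hits


def command_only_hits(tasks, needle="shutdown"):
    """Task names found when only <Command> is searched."""
    return [name for name, xml_text in tasks.items()
            if any(needle.lower() in cmd.lower() for cmd, _ in exec_actions(xml_text))]


if __name__ == "__main__":
    print("Command only:       ", command_only_hits(SAMPLE_TASKS))
    print("Command + Arguments:", list(find_tasks(SAMPLE_TASKS)))
```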