(imported topic written by Kenz91)
Is there an easy way to collect the Scheduled tasks , schedule time, and the user account use to run it on Windows servers?
(imported topic written by Kenz91)
Is there an easy way to collect the Scheduled tasks , schedule time, and the user account use to run it on Windows servers?
(imported comment written by cstoneba)
This seems to work, but I don’t see an easy way of pulling back the username
(names of it, next run times of it) of scheduled tasks
Run in QnA to see all inspectors for ‘scheduled tasks’
q: properties whose (it as string as lowercase contains “scheduled”)
(imported comment written by NoahSalzman)
I created a task named “Test Task” in Windows 7 and was able to get the user account from it using the XML doc associated with the task. There is one weird bit in this example where I had to get rid of the XML namespace (XMLNS) attribute to make it work with the xpath inspector:
q: node values of child nodes of xpaths (“Task/Principals/Principal/UserId”) of xml document of (concatenation “foo=” of substrings separated by “xmlns=” of xml of scheduled task whose (name of it is “Test Task”))
A: GANYMEDE\Noah Salzman
Edit: here is a better way to do it that works around the namespace issue
q: node values of child nodes of xpaths ("////") of xml document of xml of scheduled task whose (name of it is “Test Task”)
A: GANYMEDE\Noah Salzman
(imported comment written by MattBoyd)
xpath <3
(imported comment written by NoahSalzman)
I dunno man… maybe it’s just lack of familiarity but the syntax seems sorta goofy. But yes, it’s better than "child nodes of child nodes… " over and over.
(imported comment written by Kenz91)
Thanks for the suggestions. I ended up creating a task using the cmd line to run schtasks.exe and parsed the data into a text file then pulled that out with an analysis. It’s really a shame that the inspector doesn’t include the username property
(imported comment written by NoahSalzman)
I’m a little confused? Isn’t that what I gave you? Are you saying “I want you to finish my homework and complete the solution with the time stamp added in.”?
(imported comment written by MattBoyd)
Don’t have hate for the namespace, embrace it!
(names of it, node values of child nodes of xpaths (“xmlns:t=‘http://schemas.microsoft.com/windows/2004/02/mit/task’”, “/t:Task/t:Principals/t:Principal/t:UserId”) of xml documents of xmls of it) of scheduled tasks whose (name of it contains “Google”)
Thanks to whoever implemented namespace-prefix mappings into the xpath inspector
(imported comment written by NoahSalzman)
Ooo… nice, I was looking for an example for what you just did but was having trouble wading through all the C#, xslt, and vb garbage on the nets.
Kenz, here is the version that will answer your original question:
q: ((names of it, node values of child nodes of xpaths (“xmlns:t=‘http://schemas.microsoft.com/windows/2004/02/mit/task’”, “/t:Task/t:Principals/t:Principal/t:UserId”) of xml documents of xmls of it), (next run times of it)) of scheduled tasks
A: ( Test Task, GANYMEDE\Noah Salzman ), ( Thu, 21 Apr 2011 10:00:31 -0700 )
A: ( AitAgent, S-1-5-18 ), ( Thu, 21 Apr 2011 02:30:00 -0700 )
A: ( ProgramDataUpdater, S-1-5-18 ), ( Thu, 21 Apr 2011 00:30:00 -0700 )
(imported comment written by SystemAdmin)
Seems like a good candidate for an official Scheduled Tasks Analysis from IBM…
(imported comment written by MattBoyd)
Noah
Ooo… nice, I was looking for an example for what you just did but was having trouble wading through all the C#, xslt, and vb garbage on the nets.
Yeah, it’s hard to find good examples of advanced xpath stuff. This link gives a good explanation of what’s going on here with the default namespace: http://www.edankert.com/defaultnamespaces.html. The xpath inspector allows use to define our own namespace prefix mappings for such events. Yay!
jaspanitz
Seems like a good candidate for an official Scheduled Tasks Analysis from IBM…
That would be nice! It reminds me of this feature suggestion that you brought up: http://forum.bigfix.com/viewtopic.php?id=5405. I think this is a good example of where that would be useful.
(imported comment written by Kenz91)
Noah
I’m a little confused? Isn’t that what I gave you? Are you saying “I want you to finish my homework and complete the solution with the time stamp added in.”?
Didn’t mean to upset you. I was just saying I used an alternative method before you posted what you did. When I didn’t see username as one of the properties of the schduled tasks inspector I went with a less elegant solution.
(imported comment written by NoahSalzman)
(imported comment written by Kenz91)
Is there something similar that will pull the UserId for services?
(imported comment written by NoahSalzman)
You are probably looking for "login account of ".
q: properties whose (it as string contains “service” and it as string does not contain “firewall”)
A: service key value name of : string
A: service pack major version of : integer
A: service pack minor version of : integer
A: service : service
A: services: service
A: win32 services: service
A: driver services: service
A: all services: service
A: running service : service
A: running services: service
A: win32 running services: service
A: driver running services: service
A: all running services: service
A: relay service: service
A: main gather service: service
A: service name of : string
A: display name of : string
A: state of : string
A: can interact with desktop of : boolean
A: win32 exit code of : integer
A: service specific exit code of : integer
A: checkpoint of : integer
A: login account of : string
A: start type of : string
A: image path of : string
A: file of : file
A: version of : version
A: win32 type of : boolean
A: driver type of : boolean
A: service group: security account
A: local service group: security account
A: network service group: security account
A: security descriptor of : security descriptor
A: service account logon of : boolean
(imported comment written by Kenz91)
Thanks Noah that’s what I was looking for.
(imported comment written by cstoneba)
it appears that “(names of it, node values of child nodes of xpaths (“xmlns:t=‘http://schemas.microsoft.com/windows/2004/02/mit/task’”, “/t:Task/t:Principals/t:Principal/t:UserId”) of xml documents of xmls of it) of scheduled tasks” doesn’t work on Win2003 systems, because i’m getting “,” as a results for those endpoints, but when I run “names of scheduled tasks” in fixlet debugger on one of them, i get results.
Has anyone found a workaround to get this to return the name and userid of scheduled tasks on Win2003 or WinXP?