Automate your IT with the Task Scheduler

Paul Hill

October 19, 2020

In this tutorial we are going to take a look at how you can use the Task Scheduler to run your automation scripts and make your life easier. This means you can spend more time watching cat videos, and less time doing repetitive tasks every day. That’s important!

For me, I have a server called INSASC01. It’s a Windows Server that’s only purpose is to run our script automations. Every day, I need to log into the server and run two commands that will sync the scripts on the server with GitHub.com. The command looks like this:

git reset --hard
git pull

This will make sure that the scripts on the local server are in sync with updates that have been pushed to GitHub.com from our developers. Well, I’d much rather be watching a cat video than logging in and running these two commands… so let’s automate it!

As a bonus, how about we make it run once a minute so those scripts stay….. really up to date…. Overkill you say? Well, probably true.

What you need to make this work

There are a couple things we need to set up before this can be set up to run without any interaction on my end:

  • Write a script to sync with GitHub.com
  • Create a service account and a service account group
  • Create a GPO that allows the service account group members to run as a batch job
  • Create the scheduled task

Write a script to sync with GitHub.com

For this all I needed to do was download git-scm for windows and run the initial git clone of my repo so provide my user credentials. This step is kind of unrelated to you and very specific for my scenario.

But essentially I can now run two commands to make sure that my local folder matches what is uploaded to GitHub.com

git reset --hard
git pull
Local Vs Github.com
Local Vs Github.com

When I make changes and push them to GitHub.com, the command above will make sure that my local server has the same scripts as those hosted at GitHub.com.

I wrote a very simple batch (*.bat) script that will CD into the script directory then run those two commands:

Image 8
auto-git-pull.bat

Now when I run that script it will make sure that my scripts are all up to date no matter what the state of the local script repo:

Gitpull
Git pull script

Create a service account and a service account group

Before we can schedule this task, we should create a service account with limited permissions inside of our domain. We could use our user account, but this is generally a bad practice because…

  • You’re account was locked out
  • Your password expired
  • Your account was disabled
  • Your account was deleted
  • Your account lost the “log on as a batch job” user right

All of these scenarios will cause the scheduled task to fail. We could create an MSA (Managed Service Account), but for simplicities sake we are going to use an old fashioned AD user account.

If you’re doing this in a live / production network then you should consider reading up on the Top 10 Active Directory Service Accounts Best Practices in 2020.

I’m going to open the Active Directory Users and Computers console on my Domain Controller by clicking Tools > Active Directory Users and Computers in Server Manager:

Image 10
Starting the Active Directory Users and Computers Console

I created a zPowershell user and Service Accounts security group as shown below:

Image 9
Active Directory zPowershell user and Service Accounts group

I added the zPowershell user to the Service Accounts security group then I set that to its primary group. I removed the Domain User membership since the account won’t need that. I also configured the user so it cannot change its own password.

Service Accounts 1
Active Directory Service Account User

Create a GPO that allows the service account group members to run as a batch job

Now we need to configure our target computers to allow zPowershell to log in as a batch job. This permission is required if I want to run my scheduled task whether or not the user is logged in.

To accomplish this, I am going to open the Group Policy Management console on my Domain Controller by clicking Tools > Group Policy Management in Server Manager:

Image 11
Start the Group Policy Management Console

I’m going to create a GPO and link it to the OU where my domain computers are located. Im calling my GPO Service Account Rights and Restrictions:

Image 12
Service Account GPO Perimssions

Inside the GPO I am going to configure the following settings:

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment

  • Deny log on locally: Service Accounts
  • Deny log on through remote desktop services: Service Accounts
  • Log on as a batch job: Service Accounts

Screenshot below:

Image 14
Service Account GPO settings

Setting up service accounts can probably be a tutorial all on its own – so consider doing your own research into this to make sure you lock it down appropriately.

Create the scheduled task

I want to run my scripts from my INSASC01 script server, so I am going to switch over there. The important thing is that it is joined to the domain and will have access to the GPOs and the service account we just created.

To launch the Task Scheduler, simply click the Windows button and search “Task Scheduler”:

Image 15
Start the Task Scheduler

I like to create a new folder for my company so that my custom tasks are organized for other admins who come in behind me. So I just need to right-click on Task Scheduler Library and select New Folder

Image 16
Create a new folder in the Task Scheduler

I named this folder “Server Academy Tasks”. Inside of the folder I created a new Task

Image 17
Create a Basic Task in Windows Task Scheduler

On the general tab we need to configure a few settings.

  1. Enter a name for your task (this can’t be changed later)
  2. Change the user account to your AD account that is a member of the Service Accounts security group (mine is zPowershell)
  3. Select Run whether user is logged on or not
Image 18
Configure new task

Go to the Triggers tab and complete the following steps as shown below:

  1. Click New to make a new Trigger
  2. Check Repeat task every Set your repeat schedule (I am using 1 minute)
  3. Change for a duration of to Indefinitely
  4. Check Stop task if it runs longer than and set your desired time (my script takes a few seconds so I am using 30 seconds).
  5. Click OK.
Image 19
Configure Scheduled Task Triggers

Go to the Actions tab and complete the steps below:

  1. Click New
  2. Add your desired script under Program/script
  3. Click OK
Image 21
Create a new Action in the Task Scheduler

Now go to the Settings tab and do the following:

  1. Check the second checkbox so the task will run ASAP if it missed a schedule
  2. Check the Stop the task if it takes longer than and set it to your desired time. Since my script only takes a few seconds, I am setting it to 1 minute
  3. Click OK
Image 23
Configure the Task Scheduler Settings

Click OK again to save the new task. Now you will be prompted to enter the password for the user account you configured for the scheduled task:

Image 24
Configure your Scheduled Task user password

Now I have the new Scheduled Task created and it will keep my local repo in sync with GitHub.com!

Image 25
Scheduled Task

If I go to my script directory and delete all the scripts then my scheduled task will fix this within 1 minute!

Blogpostctadesktop

Sign up free and start learning today!

Practice on REAL servers, learn from our video lessons, interact with the Server Academy community!

More from our blog

How to Become a Hacker

By Paul Hill | October 15, 2022

Becoming a hacker can be an exciting and rewarding six-figure job. Any product that uses digital technology is a potential target to be hacked – that means not just computers and phones but also your car, thermostats, garage door openers, smart coffee machines, and any other smart home device. That is why ethical/white hat hackers…

System Administrator Salary in 2022

By Ricardo P | August 27, 2022

Before deciding to become a System Administrator full-time, you might ask yourself, what is the system administrator salary and what can you expect? And, it is reasonable to research if becoming a System Administrator full-time will be a lucrative career. But the answer is that it all depends on your education, certifications, skills, location, and…

How to Easily Automate Tasks with PowerShell

By Ricardo P | July 1, 2022

You might know PowerShell as the improved command prompt version of Microsoft Windows, but PowerShell is more than that. It is also a scripting language that can be used for automation, and in this article we’ll show you how to automate tasks with PowerShell.

Assign License to a User using Licensing Group

By Jefferd Facundo | March 13, 2022

In this lesson, we will go through the steps on how to add user(s) to a licensing group in your Microsoft 365 tenant. Step 1: Access Microsoft Admin Center to manage the user’s license. On your browser, login to Microsoft 365 Admin Portal via https://portal.office.com On the Sign in page, enter your Global Admin username in an email…

Running Message Trace in Exchange Admin Center

By Jefferd Facundo | February 5, 2022

In this tutorial, you will learn how to run a message trace using Exchange Admin Center to track any messages that was not delivered correctly or simply getting the status of the message sent or supposed to be received by the user(s). Step 1. Log in to Exchange Admin Center for Exchange Online. On your…

How to Create a Licensing Group in Microsoft 365 Tenant

By Jefferd Facundo | February 4, 2022

In this lesson, we will go through the steps on how to Create a Licensing Group in your Microsoft 365 tenant. Step 1: Access Azure Active Directory On your browser, login to Microsoft 365 Admin Portal via https://portal.office.com On the Sign in page, enter your Global Admin username in an email format and then enter your password on…

Windows Cyber Security – STIGs for Beginners

By Paul Hill | February 1, 2022

This tutorial will show you how you can get started learning the technical side of Cyber Security for Windows environments. This tutorial is going to show you how to use STIGs (Security Technical Implementation Guides) to identify low, medium and high vulnerabilities and patch them in your Windows Environments. What is a STIG? A STIG…

Creating Mail Flow Rules

By Jefferd Facundo | January 19, 2022

In the lesson you will access the Exchange Admin Center for Exchange Online and create a mail flow rule that checks for sensitive information in emails sent from inside your organization. Step 1. Log in to Exchange Admin Center for Exchange Online. On your browser, login to Microsoft 365 Admin Portal via https://admin.microsoft.com On the…

How to run SQL Commands from PowerShell

By Paul Hill | July 23, 2021

If you want to run SQL commands from your PowerShell terminal you can do so by simply installing the SQLServer module with the command below: You will be prompted to install from an untrusted source. Type “A” to accept and install the module. Once it is complete you can see all the new commands you…

Adding Multiple Cloud Users to Microsoft 365 tenant.

By Jefferd Facundo | July 18, 2021

In this lesson, you will learn how to import multiple cloud users to your Microsoft 365 tenant. If you want to learn about getting started with Microsoft 365, click here. Step 1. Create your users’ information into CSV file using the given template in your tenant. On your browser, login to Microsoft 365 Admin Portal…