Is it possible for a Scheduled Task to run as NETWORK SERVICE?
I asked this same question. Fortunately RyanRies was able to provide a correct answer.
In Windows Server 2003 you cannot run a scheduled task as
NT AUTHORITY\NetworkService (aka the Network Service account). That capability only was added with Task Scheduler 2.0, which only exists in Windows Vista/Windows Server 2008.
- LocalService Account is a built-in account with limited privileges on the local computer, and accesses the network as anonymous. You should use this account to run your scheduled tasks
- NetworkService Account is a built-in account with limited privileges on the local computer, and accesses the network as the machine (e.g.
VADER$). You can use this account to run your scheduled tasks if you need authenticated network access
- LocalSystem Account is a built-in account with extensive privileges on the local computer. You should never use this account to run scheduled tasks
You can't. The functionality was introduced in Task Scheduler 2.0, which means Vista/2008+.
From the documentation for Schtasks.exe:
A value that specifies the user context under which the task runs. For the system account, valid values are "", "NT AUTHORITY\SYSTEM", or "SYSTEM". For Task Scheduler 2.0 tasks, "NT AUTHORITY\LOCALSERVICE", and "NT AUTHORITY\NETWORKSERVICE" are also valid values.
I tried doing this several ways, but now I don't think it's possible. I'd be glad to stand corrected on this, but I tried everything I could think of, including adding
NETWORK SERVICE to
Administrators, tweaking all sorts of Local Security Policy settings, etc.
When I enable auditing, I get this:
Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 680 Date: 02/03/2010 Time: 8:49:53 PM User: NT AUTHORITY\SYSTEM Computer: RESULTANT Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: NETWORK SERVICE Source Workstation: RESULTANT Error Code: 0xC0000064 Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 02/03/2010 Time: 8:49:53 PM User: NT AUTHORITY\SYSTEM Computer: RESULTANT Description: Logon Failure: Reason: Unknown user name or bad password User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon Type: 4 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: RESULTANT
0xC0000064 decodes to
NO_SUCH_USER. That's a bit silly, considering that I entered only
network service – how did it know that the account that failed was in
When I enter an invalid username, I don't even see the authentication attempt at all. So clearly something agrees that
NETWORK SERVICE is an actual account.
If I botch the password for a known username (ie
Administrator), I get
Try adding the
Log on as a batch job right to
NETWORK SERVICE. I think it's a silly idea; you should just bite the bullet and create a domain account…