Skip navigation
Menu
End-User Platforms>Windows 7/8

Access Denied: Monitoring for Unauthorized Scheduled Tasks

How can I monitor scheduled tasks on my server? I need to determine whether unauthorized jobs have been added. Can I glean this type of activity from the Security log?

If you use Windows Server 2003, you can obtain information about unauthorized jobs. Microsoft added a new event ID to Windows 2003 for tracking newly created scheduled tasks. First, you need to enable Audit process tracking. Then, you'll see event ID 602 in the server's Security log, which Figure 2 shows, whenever someone adds a scheduled task. As you can see, Windows logs the user profile that added the task, the task's filename, the command the task will run, and the task's triggers.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019