JSI Tip 3215. How do I schedule a job to run under the SYSTEM context?

In tip 0243 » Debugging scheduled jobs, I stated that the Windows NT Scheduler service runs under the SYSTEM account context, by default. In Windows NT, scheduled jobs run in the context of the Scheduler.

Windows 2000, and Windows NT 4.0 running later versions of Internet Explorer, use the Task Scheduler Service. MSTask.exe runs under the SYSTEM account context.

There is no way to cause the Task Scheduler GUI to schedule a job using the SYSTEM account content and have it actually run. When you run a job that you configured to use the SYSTEM account, it does not run.

When you inspect the Scheduled Tasks log, you see:

The attempt to log on to the account associated with the task failed, therefore, the task did not run. The specific error is: 0x80070057: The parameter is incorrect. Verify that the task's Run-as name and password are valid and try again.

Microsoft released an update to the Microsoft ® Task Scheduler Command Line Utility, that would allow using the /SC switch, with a NULL password, to accomplish this. Unfortunately, it didn't work, and they subsequently pulled the update and deleted the Knowledge Base article.

To workaround this issue:

1. Open a CMD prompt.

2. Use the AT command to schedule the job.

NOTE: Don't try to amend one of these scheduled jobs using the GUI, as it is likely to reset the RunAs account information.

From the NTcmds.chm file:

at \[\\computername\] /delete \[/yes

at \[\\computername\] time \[/interactive\] \[/every:date\[,...\] | /next:date\[,...\]\] command


none - Used without parameters, at lists scheduled commands.

\\computername - Specifies a remote computer. If this parameter is omitted, the commands are scheduled on the local computer.

id - Specifies the identification number assigned to a scheduled command.

/delete - Cancels a scheduled command. If id is omitted, all the scheduled commands on the computer are canceled.

/yes - Forces a yes answer to all queries from the system when deleting scheduled events.

time - Specifies the time when the command is to run. Time is expressed as hours:minutes in 24-hour notation (00:00 \[midnight\] through 23:59).

/interactive - Allows the job to interact with the desktop of the user who is logged on at the time the job runs.

/every:date\[,...\] - Runs the command on every specified day or days of the week or month (for example, every Thursday, or the third day of every month). Specify date as one or more days of the week (M,T,W,Th,F,S,Su) or one or more days of the month (using numbers 1 through 31). Separate multiple date entries with commas. If date is omitted, the current day of the month is assumed.

/next:date\[,...\] - Runs the specified command on the next occurrence of the day (for example, next Thursday). Specify date as one or more days of the week (M,T,W,Th,F,S,Su) or one or more days of the month (using numbers 1 through 31). Separate multiple date entries with commas. If date is omitted, the current day of the month is assumed.

command - Specifies the Windows 2000 command, program, or batch program (.bat or .cmd file) to be run. When the command requires a path as an argument, use the absolute path, that is, the entire path beginning with the drive letter. If the command is on a remote computer, specify UNC notation for the server and share name, rather than a remote drive letter. If the command is not an executable (.exe) file, you must precede the command with cmd /c; for example:

cmd /c dir > c:\test.out

Four months ago, an application that I was testing reset the permissions on the HKCR/Installer key and subkeys, such that new MSI packages could be installed, but existing MSI packages were owned by the SYSTEM and Everyone had Read permissions. This prevented deleting or reinstalling any of these MSI packages.

I just discovered this problem last week and any attempt to manually reset these permissions failed. My only solution was to either:

- Restore the Software hive from four months ago.

- Open Regedt32 in the System account context, to reset and reassign the permissions and ownership.

Guess which solution I chose?

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.