Schedule Tasks are viewable to all the users by default. Users with Local Admin rights can always access schedule tasks and delete them. Sometimes, you would want to prevent users with local admin rights from accessing the schedule tasks and deleting them. To accomplish this, you need to create a small script and then deploy it using a GPO.
As an example: You have a schedule task created on all the client computers. The schedule task name is BackupJob. You need to prevent users and local administrators from accessing this.
Create a script and add the following lines in the script. Script name would HideJob.CMD
- @Echo Off
- setlocal enabledelayedexpansion
- Echo Y| C:\Windows\System32\Cacls.EXE C:\Windows\Tasks\BackupJob.JOB /G SYSTEM:F
- IF !ErrorLevel! == 0 (
- Echo Done > C:\Windows\System32\Result.TXT
- ) ELSE (
- Echo BackupJob not found on local computer > C:\Windows\System32\Result.TXT
- )
Next, create a GPO or edit the existing GPO > Computer Configuration > Startup Script > and configure the HideJob.CMD.
Note: All the computers must be restarted for this to work.
The script runs at the next reboot and script is executed to set the permission on BackupJob.JOB. The permissions are assigned to SYSTEM account only. thus, preventing users and users with administrators from accessing this. The results are stored in the Result.TXT at client computer.
