Scheduled task not working when user is not logged on

Advertisement

Chris W
Guest

Scheduled task not working when user is not logged on

Hi all,

I have a Powershell script which I run via the Windows Task Scheduler on a Windows 2016 server.

The script uses the guidance in https://winscp.net/eng/docs/guide_protecting_credentials_for_automation:-

Whilst logged on as the account that will run the scheduled task, I used ConvertFrom-SecureString to encrypt the password, then stored the encrypted password in an XML file. The script uses ConvertTo-SecureString on the password read from the XML file and assigns the result to SessionOptions.SecurePassword.

I use SessionLogPath to log WinSCP's actions.

The scheduled task runs exactly as expected when the user is logged in. But when the user is logged out, it doesn't. The scheduled task runs (it is configured to run whether the user is logged in or not) but no SessionLog is created. I have been able to determine that the script gets to the Session.Open before it stops working.

If I use the password in plain text in the XML file, and assign that to SessionOptions.Password, the script works fine, whether the user is logged in or not.

I think this means that the script is unable to decrypt the password when running with the user logged out, but I don't understand why. The scheduled task uses the same account that was used to encrypt the password.

What am I missing?

Let me know if any further information is needed - as this is a lengthy post already, I didn't want to overload it with too much information that isn't necessary. Thanks in advance for any help.

Chris

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,276
Location:
Prague, Czechia

Re: Scheduled task not working when user is not logged on

Well, this is not a WinSCP question.

But anyway, I believe that to decrypt the password, you need your local account password.
Make sure you did not check the "Do not store password" option in scheduler.

Reply with quote

Chris W
Guest

Hi Martin,

Not directly, no. But if automating WinSCP tasks, it seems likely that you might wish to run them in this way, and if anyone will know the answer, it's you.

Thanks for the suggestion. Our security policy currently does not allow tasks to run with that box unchecked, so I will give it a try, but it will take a while to talk the security guys around :-)

Reply with quote

Advertisement

You can post new topics in this forum