legitimacy of the tasks in the task scheduler
- by Eyad
Is there a way to know the source and legitimacy of the tasks in the task scheduler in windows server 2008 and 2003? Can I check if the task was added by Microsoft (ie: from sccm) or by a 3rd party application?
For each task in the task scheduler, I want to verify that the task has not been created by a third party application. I only want to allow standards Microsoft Tasks and disable all other non-standards tasks.
I have created a PowerShell script that goes through all the xml files in the C:\Windows\System32\Tasks directory and I was able to read all the xml task files successfully but I am stuck on how to validate the tasks.
Here is the script for your reference:
Function TaskSniper()
{
#Getting all the fils in the Tasks folder
$files = Get-ChildItem "C:\Windows\System32\Tasks" -Recurse | Where-Object {!$_.PSIsContainer};
[Xml] $StandardXmlFile = Get-Content "Edit Me";
foreach($file in $files)
{
#constructing the file path
$path = $file.DirectoryName + "\" + $file.Name
#reading the file as an XML doc
[Xml] $xmlFile = Get-Content $path
#DS SEE: http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/caa8422f-6397-4510-ba6e-e28f2d2ee0d2/
#(get-authenticodesignature C:\Windows\System32\appidpolicyconverter.exe).status -eq "valid"
#Display something
$xmlFile.Task.Settings.Hidden
}
}
Thank you
