Run a powershell script from a UNC path via Task Scheduler in Windows 2008


As an admin I store all my PS scripts on a central server and schedule tasks on each individual server so its no big deal if I change a script around.

So scheduling these tasks on 08 was way more of a pain than I thought it would be. There are a couple of steps involved in order to get this to work correctly.

Powershell Config

With 2k8 there are two things off the bat that stop you from running a script from UNC

The more common is the execution policy, which by default is Restricted. In this case ideally what you want is remote signed. Its not the best idea, but since signing can be a bit of a pain you might go with unrestricted at your own risk. in PS just type in set-executionpolicy remotesigned

you can actually do this with a GPO

http://www.microsoft.com/downloads/details.aspx?familyid=2917a564-dbbc-4da7-82c8-fe08b3ef4e6d&displaylang=en

IE Config (shut off IE ESC)

so once you get the execution policy setup correctly you need to disable IE Enhanced Security Configuration (IE ESC) to allow UNCs to be considered Intranet. You can set a registry key, UNCAsIntranet, to accomplish this, but its a account based key. you can find info on that key here

http://technet.microsoft.com/en-us/library/bb457150.aspx

HKEY_CURRENT_USER\Software\Policies\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap

DWORD: UNCAsIntranet 1

Personally I prefer to shut off IE ESC because you shouldn’t be using a server to surf the web. To do this you open up Server Manager (that nifty little link on the task bar) and highlight the Server Manager node at the top of the list. On the right hand side if you scroll down a bit one of the right hand boxes will have a link for Configure IE ESC and turn it off for both (your script account may not be an admin, depending on how you configure things)

The Account

The next thing is the account you use to run the script, I’m going to assume its not your own account and you’ve setup an account just for running scripts. In order for this account to run the script correctly you need to login with it. The reason for this is that after you’ve disabled IE ESC or created that reg key (via a gpo I’m guessing) the users needs to login in order to have the UNCAsIntranet key created under their account.

The Task

This is the easy part really, open up Task Scheduler and you can just create a basic task. You’ll need to point it to powershell (C:\Windows\System32\WindowsPowerShell\v1.0 yup, it still says V1) and as the arguments you’ll use –command “\\server\share\script.ps1”

at the end of the basic task creation wizard check off the box that says open property page and go to the General tab and check off Run with highest privileges (to get past UAC).

 

That’s it!

Advertisements

About jrich

I am the Solutions Architect for Apex Learning in Seattle WA. I've been working with computers since I was 13. Started programming when I was 14. Had my first IT job as tech support at an ISP at the age of 15 and became a network admin at the age of 17. Since then I've worked at a variety of small to mid size companies supporting, maintaining and developing all aspects of IT. Mostly working with Windows based networks but have recently been working with Solaris system as well. I created this blog mostly as a place for me to take my own notes, but also share things that I had a hard time finding the info for.

Posted on May 25, 2010, in WMF (Powershell/WinRM) and tagged , , . Bookmark the permalink. 9 Comments.

  1. Thanks mate for this procedure. I’ll look like a sharp(er) dude at work next week!

  2. Hey Justin, I thought I’d just drop off some possible additions to your post. You can use Group Policy Preferences to schedule the same task on multiple servers, and if you don’t want to set the execution policy to remote signed or unrestricted on each machine, you can launch powershell.exe with the -ExecutionPolicy parameter and run the task in “unrestricted” or perhaps “bypass” mode.

  3. Heya i’m for the primary time here. I came across this board and I in finding It truly helpful & it helped me out much. I’m hoping to present
    one thing again and aid others like you aided me.

  4. I hardly leave remarks, however i did some searching and wound
    up here Run a powershell script from a UNC path via Task Scheduler in Windows 2008 JRICH’s Brain Dump. And I actually do have 2 questions for you if it’s allright.
    Is it only me or does it look as if like a few of
    the remarks come across as if they are coming from brain dead people?
    :-P And, if you are writing at other places, I’d like to keep up with anything fresh you have to post. Would you list of all of your communal pages like your Facebook page, twitter feed, or linkedin profile?

  5. I do believe all the concepts you’ve presented to your post. They are very convincing and can certainly work. Nonetheless, the posts are very quick for beginners. May you please extend them a bit from subsequent time? Thanks for the post.

  6. Hi, I just came by to look at this site. It is really great and I had a good time reading it, thank you for the great writing!

  7. I like what you guys tend to be up too. This sort of clever work and reporting!
    Keep up the wonderful works guys I’ve incorporated you guys to our blogroll.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: