×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Windows 10 Task Scheduler and Stored Credentials

Windows 10 Task Scheduler and Stored Credentials

Windows 10 Task Scheduler and Stored Credentials

(OP)
I am trying to determine where Windows 10 stores the credentials for scheduled tasks and how those credentials are protected. I would have thought that they were managed in Credential Manager but they are not. Because they are needed to execute the task, I am assuming that they are not hashed in some way. I need to schedule a task to run at startup, which can only be done by storing the credentials. I would like to confirm that the credentials are stored in a secure fashion. What is the risk associated with storing credentials for tasks? Are the credentials expunged if the task is deleted? etc., etc. Might anyone have information on this? Thank you!

RE: Windows 10 Task Scheduler and Stored Credentials

(OP)
To add some additional information, it would appear that scheduled tasks are stored at the following location in the registry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule

Changing the credentials (username and password) used to run a particular task results in changes to the following values:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CredWom\x-n-n-nn-nnnnnnnnnn-nnnnnnnnnn-nnnnnnnnn-nnnnn\Index
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\Hash
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\Triggers

However, changing solely the password of an existing user account that is used to run a scheduled task results in no apparent changes in any values below the "Schedule" key. As a matter of fact, I see no associated changes anywhere in HKLM.

Using Process Monitor, I can see mmc.exe accessing the "schedule" key when a task is created or modified. I can also see svchost.exe accessing the same portions of the registry, which is probably the operating system updating the Task Scheduler service (netsvcs), itself. The lsass.exe writes to the SAM file when a task password is updated. I do not know if it is simply verifying the password entered in the task at that point or if it is somehow storing (or linking) the task credentials in the SAM.

I am still not certain where or how the password is actually stored for scheduled tasks but it does not appear to be stored in the registry--at least not in HKLM--which is a good thing.

RE: Windows 10 Task Scheduler and Stored Credentials

>but they are not

Why do you think that?

RE: Windows 10 Task Scheduler and Stored Credentials

(OP)
If I create a task and have it run as a specific local admin account, that account does not appear in Credential Manager under Windows Credentials.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close