
Create scheduled task with powershell and not store password

I am trying to make a PowerShell script to create a scheduled task to run a command on demand. The following is the code I have thus far.

$taskName = "TestTask"
$taskPath = "<taskdir>"
$user = "$env:USERDOMAIN\$env:USERNAME"
$response = Read-host "What's your password?" -AsSecureString 
$password=[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($response))
$action = New-ScheduledTaskAction -Execute "task.cmd"
$settings = New-ScheduledTaskSettingsSet -Compatibility WIN8
$principal = New-ScheduledTaskPrincipal -UserId Administrator -LogonType S4U -RunLevel Highest
$inputObject = New-ScheduledTask -Action $action -Principal $principal -Settings $settings
Register-ScheduledTask -TaskName $taskName -taskpath $taskPath -InputObject $inputObject -user $user -password $Password

This works well to set up the task. The only thing I am looking for is to be able to run the task from any user in the admin group while the Administrator (who the task is run as) is not logged in, and I don't want to store the password. When I set up a task through the GUI I can select the button to run whether the user is logged in or not, which the above code achieves. But it won't check the box to say do not store the password. When I run the following command in PowerShell to look at the properties of the created task, the output is as follows:

get-scheduledtask testtask | select -ExpandProperty principal

DisplayName         :
GroupId             :
Id                  : Author
LogonType           : Password
RunLevel            : Highest
UserId              : WIN-REH2TQO7H7S\Administrator
ProcessTokenSidType : Default
RequiredPrivilege   :
PSComputerName      :

If I run the same command on a task I created through the GUI with the don't save password check, I get the following:

get-scheduledtask testtask | select -ExpandProperty principal

DisplayName         :
GroupId             :
Id                  : Author
LogonType           : S4U
RunLevel            : Highest
UserId              : WIN-REH2TQO7H7S\Administrator
ProcessTokenSidType : Default
RequiredPrivilege   :
PSComputerName      :

The only difference I have found is LogonType being S4U vs. Password. So in my PowerShell I added

$principal = New-ScheduledTaskPrincipal -UserId Administrator -LogonType S4U -RunLevel Highest

But even with the LogonType set to S4U in the code, it still sets it to Password when it creates it. I can go into the GUI and physically change the task after the PowerShell code runs and check that box, at which point it is set correctly. But does anyone have any idea as to why the code won't do it? Or if I missed something?

Thanks for any help you can provide,

Mack.

themackyo asked Oct 19 '22 01:10


1 Answer

I was looking for a similar thing, using the local admin account with 'Do not store password' enabled. Your post got me on the right track and mine now works.

Try this instead:

Register-ScheduledTask -TaskName $taskName -taskpath $taskPath -InputObject $inputObject

If that fails, try putting the principal in the line and take it out of the InputObject:

Register-ScheduledTask -TaskName $taskName -Action $action -Principal $Principal

Stoner79 answered Oct 22 '22 22:10
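
Added example (not code from the question or the answer): registering the task without -User/-Password so the S4U principal is kept, reading it back to confirm the LogonType, and listing any tasks on the machine that still store a password. The task folder, the script path and the two function names are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example, not code from the question or answer.
# Assumptions: elevated session; '\Example\' and C:\Scripts\task.cmd are placeholders.
$taskName = 'TestTask'
$taskPath = '\Example\'
$runAs    = "$env:COMPUTERNAME\Administrator"

function Register-S4UTask {
    param([string]$Name, [string]$Path, [string]$UserId, [string]$Command)

    $action    = New-ScheduledTaskAction -Execute $Command
    $settings  = New-ScheduledTaskSettingsSet -Compatibility Win8
    $principal = New-ScheduledTaskPrincipal -UserId $UserId -LogonType S4U -RunLevel Highest
    $task      = New-ScheduledTask -Action $action -Principal $principal -Settings $settings

    # No -User / -Password: supplying them is what produced LogonType 'Password'
    # in the question, because the credential is then saved with the task.
    Register-ScheduledTask -TaskName $Name -TaskPath $Path -InputObject $task -Force | Out-Null

    # Read the task back and fail loudly if the principal is not S4U.
    $logonType = [string](Get-ScheduledTask -TaskName $Name -TaskPath $Path).Principal.LogonType
    if ($logonType -ne 'S4U') {
        throw "Task '$Name' registered with LogonType '$logonType', expected 'S4U'."
    }
    $logonType
}

function Get-PasswordStoringTask {
    # Audit helper: every task on this machine registered with a stored password.
    Get-ScheduledTask |
        Where-Object { [string]$_.Principal.LogonType -eq 'Password' } |
        Select-Object TaskPath, TaskName, @{ n = 'RunAs'; e = { $_.Principal.UserId } }
}

Register-S4UTask -Name $taskName -Path $taskPath -UserId $runAs -Command 'C:\Scripts\task.cmd'
Get-PasswordStoringTask | Format-Table -AutoSize
```

A task registered as S4U has no stored credential, so it only has access to local computer resources.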