This is a custom resource for InSpec. You can use it to audit the scheduled tasks on a Windows system.

Here are some examples:
```ruby
describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
  its('logon_mode') { should eq 'Interactive/Background' }
  its('last_result') { should eq '1' }
  its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
  its('run_as_user') { should eq 'LOCAL SERVICE' }
end

describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
  it { should be_enabled }
end

describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
  it { should be_disabled }
end

describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
  it { should exist }
end

describe windows_task('\I\made\this\up') do
  it { should_not exist }
end
```
- `exists?`: does the task exist on the system
- `enabled?`: is the task set up and ready to run, or in a running state
- `disabled?`: is the state of the task set to disabled
- `logon_mode`: returns the logon mode of the task as a string, for example whether it can interact with the desktop
- `last_result`: returns the result code of the task as an int
- `task_to_run`: returns the command line of the named task as a string
- `run_as_user`: returns the credential details of the named task as a string

- Windows 2008+ with WMF3+
Rather than using the GUI, you can use schtasks.exe to output a full list of the tasks available on the system:

```
schtasks /query /FO list
```

Rather than the list output, you can use CSV if that is easier. Use the TaskName value within your control.
```
C:\>schtasks /query /FO list
...
Folder: \Microsoft\Windows\Diagnosis
HostName: XPS15
TaskName: \Microsoft\Windows\Diagnosis\Scheduled
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
...
```
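To turn that listing into controls, the following added example (not part of this resource's own code) parses the `/FO list` output and renders each task's observed state as a `windows_task` control that can be kept as a baseline. The helper names `parse_schtasks_list` and `baseline_control` are hypothetical, the sample text is constructed, and the `Running` and `Disabled` status strings are assumptions.

```ruby
# Added example; constructed sample in the layout schtasks prints (values are made up).
SAMPLE = <<~'OUT'
  Folder: \Microsoft\Windows\Diagnosis
  HostName:      XPS15
  TaskName:      \Microsoft\Windows\Diagnosis\Scheduled
  Next Run Time: N/A
  Status:        Ready
  Logon Mode:    Interactive/Background

  Folder: \Microsoft\Windows\Defrag
  HostName:      XPS15
  TaskName:      \Microsoft\Windows\Defrag\ScheduledDefrag
  Next Run Time: 1/5/2025 1:00:00 AM
  Status:        Disabled
  Logon Mode:    Interactive/Background
OUT

# Returns one hash per task; a record starts at each "HostName:" line.
def parse_schtasks_list(text)
  tasks = []
  folder = current = nil
  text.each_line do |line|
    key, value = line.strip.split(':', 2) # first colon only: times contain colons
    next if value.nil?                    # blank lines, "..." and similar
    key, value = key.strip, value.strip
    if key == 'Folder'
      folder, current = value, nil
    elsif key == 'HostName'
      tasks << (current = { 'Folder' => folder, 'HostName' => value })
    elsif current
      current[key] = value
    end
  end
  tasks
end

# Assumption: Status is "Ready", "Running" or "Disabled"; anything else only asserts existence.
def baseline_control(task)
  state = { 'Ready' => 'be_enabled', 'Running' => 'be_enabled',
            'Disabled' => 'be_disabled' }.fetch(task['Status'], 'exist')
  # String#inspect emits a valid Ruby literal, so odd task names cannot break the output.
  <<~CONTROL
    describe windows_task(#{task['TaskName'].inspect}) do
      it { should #{state} }
      its('logon_mode') { should eq #{task['Logon Mode'].inspect} }
    end
  CONTROL
end
puts parse_schtasks_list(SAMPLE).map { |t| baseline_control(t) }
```

Review the generated controls before committing them, since they record whatever state the host was in when the listing was taken.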
Version | Description |
---|---|
0.2.1 | Updated Readme with Method Examples before peer review. |
0.2.0 | Refactoring and added additional definitions to library |
0.1.0 | Initial version of the profile |