Forum Discussion

braedachau's avatar
braedachau
Copper Contributor
Apr 18, 2021

Windows 10 Task Scheduler and Management BYOD Devices

 

Hello,

 

I have a question that about a solution i am considering using PowerShell and MEM on BYOD systems.

 

Please excuse me as I am an amateur but are trying to increase my skills to make myself employable in the ICT field, so if it is not considered "best practice" explain why.

 

I have a test tenant with a few joined machines and quite a few more BYOD personal PC's.  I use this for testing, research and learning how to manage computers.  My goal here is not to lock them down like in a corporate environment but to manage aspects of their security and gain knowledge and skills in MSDE hunting and other functionality.

 

My question is this.  Whilst looking at a my security recommendations I came across a article to "wake" devices for maintenance.  I cant do this via GP so I had to use other methods.  I found that using PowerShell I can alter the scheduled tasks on a device, either joined or personal and I am interested in using this rather than using PowerShell to alter the registry keys.  I could use this for Google software for example (Google places entries in the task scheduler)

 

Sample code like so

 

 

<# 

Source -  https://richardbalsley.com/configuring-windows-10-devices-to-wake-and-update-outside-of-class-time
Lookup variables want to run whether idle or not

Created 05-04-2021

Testing - Draft Only

#>







 $task = Get-ScheduledTask -TaskName InvokeMaintenance -ErrorAction SilentlyContinue


If(-not $task)

{

$ST_A = New-ScheduledTaskAction -Execute "cmd" -Argument "/c"

$ST_T = New-ScheduledTaskTrigger -AtStartup

$ST_S = New-ScheduledTaskSettingsSet -DisallowHardTerminate -RunOnlyIfIdle -MaintenancePeriod 24:00:00 -StartWhenAvailable -WakeToRun -ExecutionTimeLimit 00:30:00 -Priority 0

$ST_P = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName "InvokeMaintenance" -Action $ST_A -Trigger $ST_T -Settings $ST_S -Principal $ST_P





}

 

 

If somebody would be kind enough to point me to a blog, forum other other medium that goes into this in more detail or give me examples, pitfalls or just a professional opinion on this, I would be appreciate it.  This code is actually setting a entry, but the machines are not waking.  I assume its a idle time problem.

 

I am aware that this is an attack vector, but I can run queries in MSDE and monitor the processes, and should probably be doing this anyway.

 

Thankyou in advance

 

 

Intune
mobile device management (mdm)

2 Replies

Sort By
  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    Apr 19, 2021
    HI,

    First step will be determing if MaintenanceDisabled is not disabled (to be 100% sure)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\Schedule\Maintenance or you could create a DWORD WakeUp

    You could also make sure wake timers are enabled by configuring the powerplan:
    powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
    powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
    • braedachau's avatar
      braedachau
      Copper Contributor
      Apr 24, 2021
      Rudy,

      Sorry I took so long to get back to you. The registry entry you mentioned is non existent, and I don't want to stuff with the power profiles. I am still leaning towards using scheduler but are looking at the code and current entries more closely.

      I will get back to you. Thanks.

Resources