Windows Scheduler — Tasks

Shlomi Boutnaru, Ph.D.
2 min read · Aug 9, 2023

Overall, a task is a unit of scheduled work that is performed by the “Task Scheduler” service. Each task has several components: triggers, actions, principals, settings, registration information and data, as shown in the diagram below (https://learn.microsoft.com/en-us/windows/win32/taskschd/tasks).

Triggers are event- or time-based conditions that are used as the criteria for starting the execution of a task. A task can have multiple triggers, up to a maximum of 48 (https://learn.microsoft.com/en-us/windows/win32/taskschd/task-triggers). Actions are the actual work performed by a task. A task can have one or more actions, up to a maximum of 32. There are different types of actions: “ComHandler” (COM), “Exec Action”, “Email Action” (sending an email notification) and “Show Message Action” (https://learn.microsoft.com/en-us/windows/win32/taskschd/task-actions).

Moreover, principals define the security context on behalf of which the task executes, including UAC settings and more (https://learn.microsoft.com/en-us/windows/win32/taskschd/security-contexts-for-running-tasks). Settings are the configuration used by the “Task Scheduler” while running the task: for example, whether multiple instances of the task can run, or what to do with the task when the system is idle. By default a task will stop after 72 hours, unless we change the “ExecutionTimeLimit” (https://learn.microsoft.com/en-us/windows/win32/api/taskschd/nf-taskschd-itasksettings-get_executiontimelimit).

In addition, registration information is the data collected when the task is created/registered. Data elements that can be included are (but are not limited to): author, date, description, task version, security descriptor and more (https://learn.microsoft.com/en-us/windows/win32/taskschd/task-registration-information). We can also have additional documentation for the tasks (this is the data portion in the diagram shown below).

Lastly, “Task Scheduler” has two versions (“1.0” and “2.0”) which have differences in the API they support and the configuration that can be made — more on that in future writeups.
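The components described above map onto the XML form of a Task Scheduler 2.0 task definition. The following is an added example, not code from the original post: it parses a constructed sample definition and reports each component, applying the 48/32 limits and the 72-hour default quoted above. The XML namespace and element names, the schema defaults for `RunLevel` and `MultipleInstancesPolicy`, the `PT0S` "no limit" value and the `summarize_task` helper are assumptions that do not appear in the article.

```python
import xml.etree.ElementTree as ET

# Task Scheduler 2.0 XML namespace (assumption: the article does not show the XML form).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
MAX_TRIGGERS, MAX_ACTIONS = 48, 32   # limits quoted in the article
DEFAULT_TIME_LIMIT = "PT72H"         # the 72-hour default quoted in the article

# Constructed sample definition, not taken from a real system.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>EXAMPLE\admin</Author><Description>Nightly backup</Description></RegistrationInfo>
  <Triggers><LogonTrigger/><CalendarTrigger><StartBoundary>2023-08-09T02:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy></Settings>
  <Actions Context="Author"><Exec><Command>C:\Example\backup.exe</Command><Arguments>/quiet</Arguments></Exec></Actions>
</Task>"""

def _name(elem):
    """Element tag without its '{namespace}' prefix."""
    return elem.tag.rsplit("}", 1)[-1]

def _text(node, path, default=None):
    """Text of the first element matching path, or default when absent/empty."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else default

def summarize_task(xml_text):
    """Break a task definition into the components the article lists."""
    root = ET.fromstring(xml_text)  # for untrusted files, prefer a hardened parser
    triggers = [_name(e) for e in root.findall("t:Triggers/*", NS)]
    actions = [(_name(e), _text(e, "t:Command") or _text(e, "t:ClassId"))
               for e in root.findall("t:Actions/*", NS)]
    principal = {"user": _text(root, "t:Principals/t:Principal/t:UserId"),
                 "run_level": _text(root, "t:Principals/t:Principal/t:RunLevel", "LeastPrivilege")}
    settings = {"time_limit": _text(root, "t:Settings/t:ExecutionTimeLimit", DEFAULT_TIME_LIMIT),
                "multiple_instances": _text(root, "t:Settings/t:MultipleInstancesPolicy", "IgnoreNew")}
    notes = []
    if len(triggers) > MAX_TRIGGERS or len(actions) > MAX_ACTIONS:
        notes.append("exceeds trigger/action limits")
    if principal["run_level"] == "HighestAvailable":
        notes.append("runs with highest available privileges")
    if settings["time_limit"] == "PT0S":
        notes.append("no execution time limit")
    return {"registration": {"author": _text(root, "t:RegistrationInfo/t:Author"),
                             "description": _text(root, "t:RegistrationInfo/t:Description")},
            "triggers": triggers, "actions": actions,
            "principal": principal, "settings": settings, "notes": notes}

if __name__ == "__main__":
    for key, value in summarize_task(SAMPLE_TASK).items():
        print(f"{key}: {value}")
```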

See you next time ;-) You can also follow me on Twitter: @boutnaru (https://twitter.com/boutnaru).

https://learn.microsoft.com/en-us/windows/win32/taskschd/tasks
