[python-win32] how to code pywin32 run existing window task scheduler?

Fri Jan 15 05:10:35 EST 2021

I red https://docs.microsoft.com/en-us/windows/win32/taskschd/registeredtask
But I have no idea what I will do the next step.
As I understand, we must to add current user (who run python code ) to have right permission to this task to able to run completely.

How to add permission  in code using python-win32, perhaps  everyone can run
[cid:image003.png at 01D6EB61.535F06E0]
Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

From: Eryk Sun<mailto:eryksun at gmail.com>
Sent: ÇÑ¹¾ÄËÑÊº´Õ·Õè 14 Á¡ÃÒ¤Á 2021 23:11
To: python-win32 at python.org<mailto:python-win32 at python.org>
Subject: Re: [python-win32] how to code pywin32 run existing window task scheduler?

On 1/14/21, Tim Roberts <timr at probo.com> wrote:
> On Jan 13, 2021, at 8:07 PM, Pongthorn Sangkaphet
>
>> I have tried already but error
>>
> That’s 0x80070005, which is ERROR_ACCESS_DENIED.  Have you tried running
> this from an elevated process?

The default security descriptor of a task grants all access to
administrators, and the principal user of the task is granted read
access. Implicitly, however, the principal can execute a task as long
the task security grants read access. Because the principal user can
execute a task, this allows an administrator to configure a task to
run elevated (i.e. with highest privileges) as the administrator user,
which bypasses UAC (e.g. when executed via schtasks /run from a
restricted security context). If the principal user has the batch
logon right, then the task can also run in the services session (i.e.
the option to run whether or not the user is logged on), but that's
not pertinent to the question of execute access.

If you need to allow some other user to read and execute a task (e.g.
to bypass UAC in the context of the principal user), then you'll need
to grant that user file read (FR) and execute (FX) access. Begin by
retrieving the task's DACL_SECURITY_INFORMATION (4) in SDDL form from
GetSecurityDescriptor [1]. You can convert this string to an SD record
to work with it programmatically, or simply append an allow ACE in
SDDL form, such as "(A;;FRFX;;;<string SID>)". Then write the new DACL
via SetSecurityDescriptor.

---
[1] https://docs.microsoft.com/en-us/windows/win32/taskschd/registeredtask
_______________________________________________
python-win32 mailing list
python-win32 at python.org
https://mail.python.org/mailman/listinfo/python-win32

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/python-win32/attachments/20210115/6251209d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 840C82379E674BF093F9B193A68890D5.png
Type: image/png
Size: 126224 bytes
Desc: 840C82379E674BF093F9B193A68890D5.png
URL: <https://mail.python.org/pipermail/python-win32/attachments/20210115/6251209d/attachment-0001.png>