This guide explains how to run a Powershell script with arguments as a scheduled task and how to deploy it with group policy.
I created this blog post as I got several questions how to set up my client health script. Some of the checks it does requires it to run in the system context, and it is also recommended to run it as a startup script. I also run it once a day on my customers. A scheduled task deployed with group policy is the best way to set this up and fulfill all these requirements.
Powershell Script with Arguments as a Scheduled Task
Local machine: Start “Task Scheduler” and create a new task.
Group Policy: Computer Configuration -> Preferences -> Control Panel Settings – Scheduled Tasks. Create a scheduled task (at least Windows 7).
Selecting replace as the actions ensures that this scheduled tasked is created if not found, and any changes made to it later will be applied when group policy is renewed on the clients. I also specify “NT AUTHORITY\SYSTEM” as the user account. (Click Change User or Group, type in System and click Check Names). Also select “Run with highest privileges” to make sure this task is run under the system context.
Create a new trigger and set “at logon” as the trigger. This ensures that our Powershell script will run when the computer starts. You can configure additional triggers if you like, say for the script to run every day on a specific time.
The actions pane. This is where we configure what our scheduled task will run. In our case its a Powershell script so we create new action and chose start a program.
Action: Start a program
Add arguments (optional):
-ExecutionPolicy Bypass -File "\\sccm\clienthealth$\ConfigMgrClientHealth.ps1" -Config "\\sccm\clienthealth$\config.xml"
Start in (optional): This is the directory you want the script to run in. I leave it blank in this case as it’s not needed for my script.
Our Powershell script that requires arguments is now set up as a scheduled task. Remeber to deploy the group policy object to an organization unit containing your computers if you’r deploying this scheduled task with group policy. I did that and this is how my test computer looked like after running gpupdate /force on it.
We now have a Powershell script with arguments running as a scheduled task, deployed with group policy. ConfigMgr Client Health is there.
Scheduled tasks last run result codes
- 0xfffd0000: Verify the path and filename of the file you try to run.
- 0x8007005: Access is denied. Verify that your task is running as “NT AUTHORITY\SYSTEM”. Builtin\System is not the same.