Register-ScheduledJob as the system account (without having to pass in credentials)
First use Register-ScheduledJob to create your PowerShell job.
Then use Set-ScheduledTask to change a startup account to the Local System or any other built-in accounts, i.e. SYSTEM, LOCAL SERVICE, NETWORK SERVICE, etc.
Use the following PS-script. Or download it from my GitHub Gist
The code is self-explanatory (I believe).
You can run it multiple times under an administrative account if you want to check how it works.
BTW, I prefer to use jobs (Register-ScheduledJob) over tasks because jobs allow me to embed PowerShell script blocks (strings) instead using of external script files. Look at -ScriptBlock below.
Also pay attention to -RunElevated. It is a must be.
$ErrorActionPreference = 'Stop'Clear-Host#### Start of Main Logic ###########################$taskName = "my_PowerShell_job"$accountId = "NT AUTHORITY\SYSTEM";#$accountId = "NT AUTHORITY\LOCAL SERVICE";$task = Get-ScheduledJob -Name $taskName -ErrorAction SilentlyContinueif ($task -ne $null){ Unregister-ScheduledJob $task -Confirm:$false Write-Host " @ The old ""$taskName"" PowerShell job has been unregistered"; Write-Host;}# Uncomment the following exit command to only delete your job.# exit;# Shchedule your job. Using of -AtStartup as an example.$trigger = New-JobTrigger -AtStartup;$options = New-ScheduledJobOption -StartIfOnBattery -RunElevated;Write-Host " @ Registering of ""$taskName"" job";Register-ScheduledJob -Name $taskName -Trigger $trigger -ScheduledJobOption $options ` -ScriptBlock { # Put your code here. Write-Host Your job has been launched!; }$principal = New-ScheduledTaskPrincipal -UserID $accountId ` -LogonType ServiceAccount -RunLevel Highest;$psJobsPathInScheduler = "\Microsoft\Windows\PowerShell\ScheduledJobs";$someResult = Set-ScheduledTask -TaskPath $psJobsPathInScheduler ` -TaskName $taskName -Principal $principal#### End of Main Logic ###########################Write-Host;Write-Host " @ Let's look at running account of ""$taskName"" PowerShell job"$task = Get-ScheduledTask -TaskName $taskName$task.PrincipalWrite-Host " @ Let's start ""$taskName"" manually"Start-Job -DefinitionName $taskName | Format-TableWrite-Host " @ Let's proof that ""$taskName"" PowerShell job has been launched"; Write-Host;Start-Sleep -Seconds 3Receive-Job -Name $taskNameWrite-Host;
Sadly you can't run schedule a job or task as the system account.
But you can create local administrator accounts as the system account.
And you can schedule jobs or tasks as a local administrator account.
So what I did to get around this problem is this:
$password = ConvertTo-SecureString (New-Guid).Guid -AsPlainText -Force$user = New-LocalUser "service.scheduler" -Password $Password -Description "For scheduling in tasks from system account"$credentials = New-Object System.Management.Automation.PSCredential($user.name, $password)Register-ScheduledJob -Trigger $trigger -ScriptBlock $scriptblock -Name $taskName -ScheduledJobOption $options -credential $credentialsThis does mean you are passing in credentials, but you don't have to store them as plain text or specify them.
Sorry, can't make comments with reputation under 50.
Can you use Group Policy to run it as a start up script? That will run as the Local System account. Doesn't look like this cmdlet has the -verb paramater to runas.
Looking at: https://technet.microsoft.com/en-us/library/hh849755.aspx under -ScheduledJobOption there is a setting in there RunElevated=$False, that is the defualt. If you set that to true does it run as admin?
I haven't tried it, it might work.
Hope this helps.
Thanks, Tim.