Create the task on a computer. Set the executional principal to ‘NT AUTHORITY\SYSTEM’. Type the string directly or search for ‘SYSTEM’ in the computers local branch. Test it locally. Export the Task as xml. Copy the xml to an accessable network share.
Create a powershell script to install the task out of this xml. Example for Windoes Defender Events:
Register-ScheduledTask -Xml (Get-Content 'C:\install\Microsoft-Windows-Windows Defender_Operational_Microsoft-Windows-Windows Defender_1116.xml' | out-string) -TaskName 'DefenderMailTask' -Force
schtasks.exe /Create /XML task.xml /tn taskname
Copy the script also to an accessable network share.
Open gpmc. Create a new policy. Edit this policy (computer branch):
- Copy the xml from the share to the workstation.
- Copy the ps1 script from the share to the workstation.
- Set the local ps1 script as a powershell start script.
- Run the script locally from a powershell (with admin privs)
- Restart the machine, gpupdate /force is maybe to weak. :)
- Cun cmd as admin and do gpresult /z /scope:computer and check the output for your scripts.