3

I wish to schedule a bat file on my Win 2003 server without a password. The requirement is to run it every day at a specific time. We use expiring passwords and do not have a non-expiring account. I plan to schedule this using Scheduled Tasks as a SYSTEM user. It is working fine for me.

However, what is the impact of using a SYSTEM user? Is there something we should be cautious about? The code is certainly not malicious! However, I do not wish to impact other users/applications on my Win 2003 server.

Does anyone have details of the impact?

user216545

2 Answers

2

The impact of running scheduled tasks as System is that System is a very highly privileged account. Even more powerful than an administrator. What this means is that your scheduled task has all the privileges it needs to completely trash the system if your scheduled task is misconfigured, or if something malicious is inserted into your batch file, etc.

Running your scheduled tasks as a non-privileged user ensures that the amount of damage it can do to the system is limited.

It's just one of those best practice, better safe than sorry measures. That said, people still run scheduled tasks as System all the time. Sometimes I do it too.

Ryan Ries
2

There isn't anything inherently wrong with using the SYSTEM account - it is an extremely high privileged account, higher even than the local administrators group.

The big thing is being sure that not only the script / executable itself is clean but also whatever input it'll be using (if any).

Using one of the other security principals such as the network service account may be better depending on your use case.

For details see Microsoft's page on service user accounts. If possible these make things a lot easier than a dedicated user that you need to keep track of the password for.

EDIT:

Sorry, I forgot about the fact that you can't use these accounts in 2003. This feature was introduced in 2008. See Is it possible for a Scheduled Task to run as NETWORK SERVICE?

Also seriously consider upgrading from 2003.

Tim Brigham
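Both answers come down to the same check: a task that runs as SYSTEM is only as trustworthy as the batch file it launches, so only administrators should be able to modify that file. The following is an added example, not part of either answer; it parses constructed samples of `schtasks /query /fo csv /v` and `cacls <file>` output, and the task names, paths and the `CORP\svc_report` account are made up. It assumes "Task To Run" holds a bare path with no arguments.

```python
import csv
import io

# Constructed sample of `schtasks /query /fo csv /v` (trimmed to the columns used).
SCHTASKS_CSV = r'''"TaskName","Task To Run","Run As User"
"NightlyExport","C:\jobs\export.bat","NT AUTHORITY\SYSTEM"
"Cleanup","C:\jobs\cleanup.bat","NT AUTHORITY\SYSTEM"
"Report","C:\jobs\report.bat","CORP\svc_report"
'''
# Constructed samples of `cacls <file>` output, keyed by file path.
CACLS_OUTPUT = {
    r"C:\jobs\export.bat": r"""C:\jobs\export.bat BUILTIN\Administrators:F
                   NT AUTHORITY\SYSTEM:F
                   BUILTIN\Users:C
""",
    r"C:\jobs\cleanup.bat": r"""C:\jobs\cleanup.bat BUILTIN\Administrators:F
                    NT AUTHORITY\SYSTEM:F
                    BUILTIN\Users:R
""",
}
TRUSTED = {"BUILTIN\\ADMINISTRATORS", "NT AUTHORITY\\SYSTEM"}
WRITE_RIGHTS = {"F", "C", "W"}  # cacls letters: Full control, Change, Write

def system_tasks(csv_text):
    """Return (task name, target) for every task whose Run As User is SYSTEM."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["TaskName"], r["Task To Run"]) for r in rows
            if r["Run As User"].upper() in ("SYSTEM", "NT AUTHORITY\\SYSTEM")]

def writable_by_untrusted(path, cacls_text):
    """Return accounts outside TRUSTED that can modify the file."""
    found = []
    for line in cacls_text.splitlines():
        entry = line.strip()
        if entry.startswith(path):            # first line is prefixed by the path
            entry = entry[len(path):].strip()
        account, sep, rights = entry.rpartition(":")
        letter = rights.strip().split(")")[-1]  # drop (OI)(CI) inheritance flags
        if sep and account.upper() not in TRUSTED and letter in WRITE_RIGHTS:
            found.append(account)
    return found

def audit(csv_text, acls):
    """Map each SYSTEM task to the untrusted accounts that can edit its script."""
    findings = {}
    for name, target in system_tasks(csv_text):
        risky = writable_by_untrusted(target, acls.get(target, ""))
        if risky:
            findings[name] = risky
    return findings

if __name__ == "__main__":
    for task, accounts in audit(SCHTASKS_CSV, CACLS_OUTPUT).items():
        print(f"{task}: runs as SYSTEM, script writable by {', '.join(accounts)}")
```

Any finding means a non-administrator can change what SYSTEM executes; tightening the file's ACL (and that of its folder and any input files it reads) removes the finding.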