3

I am trying to do the UAC bypass bug with task scheduler, only instead of using the GUI tool, I am trying to do it with schtasks.exe (the equivalent command-line tool). I managed to do the same more or less, except for the most important part - the "run with highest privileges".

The task scheduler bug making this all possible - http://www.petri.co.il/bypass-uac-using-desktop-shortcut.htm

This is the command I tried:

schtasks /create /tn name /tr notepad.exe /sc once /st 00:01 /RL highest

When I add /RL highest, it says ERROR: Access is denied. This doesn't happen when I use the task scheduler.

gonzobrains
  • 7,856
  • 14
  • 81
  • 132
user
  • 31
  • 1
  • 1
  • 2

2 Answers2

1

You cannot create a task that runs elevated unless you are elevated yourself.

In other words, you need to run schtasks elevated.

The reason this works from Task Scheduler is that running Task Scheduler automatically prompts you for elevation (while schtasks does not, as is normal for command-line tools).

(I wouldn't say it's a bug that Task Scheduler allows tasks to run elevated, either. As you have found out, it does not provide a way for unelevated code to become elevated.)

Leo Davidson
  • 6,093
  • 1
  • 27
  • 29
  • 2
    no, Task Scheduler does not prompts for elevation, that's the beauty of it. Also, changing the value of the run levels in the GUI scheduler, I see no difference when I query it in the command line. – user Jan 18 '11 at 12:28
  • 1
    Task Scheduler certainly prompts for elevation here. What UAC settings do you have? Are you on Vista or Windows 7? Is your account an administrator? – Leo Davidson Jan 18 '11 at 12:31
  • 2
    I just checked and Task Scheduler is one of Microsoft's magic, blessed programs which is allowed to elevate without prompting under the default Windows 7 configuration, so that's why you don't see a UAC prompt. It is still elevating, though, and this is not something you can use for your own code (unless you use a hacky method like the one I wrote about here: http://www.pretentiousname.com/misc/win7_uac_whitelist2.html ) -- it's for Microsoft, not for us mere mortals.) – Leo Davidson Jan 18 '11 at 12:39
  • 1
    Windows 7, with all the default options. Default user and UAC doesn't prompt when I make changes to windows settings. Yes, when UAC is fully on, it doesn't work :\ – user Jan 18 '11 at 12:44
0

Your Command is right, just run it as an Administrator.

Percy
  • 1