Understanding Task Scheduler Security

Security in Task Scheduler 2 . 0 is greatly improved over the previous version Task Scheduler 1.0 (Windows XP and earlier versions). Task Scheduler now supports a security isolation model in which each set of tasks running in a specific security context starts in a separate session. Tasks executed for different users are started in separate window sessions, in complete isolation from one other and from tasks running in the machine (system) context. Passwords are stored (when needed) with the CredMan service . Using CredMan prevents malware from retrieving the stored password, tightening security further.

Beginning with Windows Vista, the burden of credentials management in Task Scheduler is lessened. Credentials are no longer stored locally for the majority of scenarios, so tasks do not "break" when a password changes. Administrators can configure security services such as S4U and CredMan, depending on whether the task requires remote or local resources . S4U relieves the need to store passwords locally on the computer; and CredMan, though it requires that passwords be updated once per computer, automatically updates all scheduled tasks configured to run for the specific user with the new password.

Was this article helpful?

0 0

Post a comment