Scheduled Tasks
Enumerate
schtasks
Scheduled tasks
schtasks /query
Scheduled tasks with status
schtasks /query /v
Detailed info
schtasks /query /v list /FO
Scheduled tasks
schtasks /query /v /tn <taskname> /fo LIST
Specific task
schtasks /query /s <System>
Scheduled tasks on specified remote host
schtasks /query /v /FO list | findstr /B "Task Name:" | sort
Find specific task and sort
schtasks /query /fo list /v | findstr /v "\\Microsoft"
Filter out key words like "Microsoft"
Get-ScheduledTask
List all scheduled
Get-ScheduledTask -TaskName <TaskName>
Specific scheduled task
Get-ScheduledTaskInfo
Last run time and result for all scheduled tasks
Get-ScheduledTaskInfo -TaskName <TaskName>
Last run time and result for specific scheduled task
Get-ScheduledTask -TaskPath <TaskPath>
Scheduled tasks in specific folder
Get-ScheduledTask | Where-Object {$_.State -eq 'Running'}
All currently running scheduled tasks
Get-ScheduledTask | ft TaskName,TaskPath,State
All scheduled tasks and only include those three fields
Get-CimInstance -ClassName Win32_ScheduledJob
Retrieves a list of AT-style scheduled jobs (not including tasks created via Task Scheduler)
WMIC:
WMIC is less effective for enumerating modern scheduled tasks and is primarily used for backward compatibility with older systems. Lists AT-style scheduled jobs on the local computer using WMIC:
wmic /node:"localhost" /namespace:"\\root\cimv2" path Win32_ScheduledJob get *Filter out keyword "Microsoft*":
Get-ScheduledTask | where {$_.TaskPath -notlike "\\Microsoft\*"} | ft Taskname,TaskPath,StateModify
schtasks /create /tn <TaskName> /tr <TaskRun> /sc <ScheduleType>
Creates a new scheduled task.
schtasks /create /xml <XMLFile> /tn <TaskName>
Creates a new scheduled task from an XML file.
schtasks /change /tn <TaskName> [options]
Changes properties of a scheduled task.
schtasks /delete /tn <TaskName>
Deletes a scheduled task.
schtasks /run /tn <TaskName>
Runs a scheduled task immediately.
schtasks /end /tn <TaskName>
Stops a currently running scheduled task.
New-ScheduledTask
Creates a scheduled task definition.
Register-ScheduledTask -TaskName <TaskName> -InputObject <ScheduledTask>
Registers a scheduled task with the Task Scheduler.
Set-ScheduledTask -TaskName <TaskName> [options]
Modifies settings of an existing scheduled task.
Unregister-ScheduledTask -TaskName <TaskName>
Unregisters (deletes) a scheduled task.
Start-ScheduledTask -TaskName <TaskName>
Starts a scheduled task immediately.
Stop-ScheduledTask -TaskName <TaskName>
Stops a currently running scheduled task.
Export-ScheduledTask -TaskName <TaskName>
Exports a scheduled task to an XML file.
Import-ScheduledTask -Xml <XMLContent> -TaskName <TaskName>
Creates a new scheduled task from an XML string or file.
Registry Locations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache
Contains subkeys with detailed information about scheduled tasks, including:
hierarchical structure of task folders and tasks (Tree)
individual task definitions (Tasks)
tasks scheduled to run at system startup (Boot) or user logon (Logon).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter
Stores information about tasks migrated from older versions of Windows.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent
Used in older versions of Windows, contains information about tasks scheduled using the AT command.
Last updated
Was this helpful?