Windows 7 – blksthl

G’day Windows lovers.
Again, this is not a SharePoint post per se, but hey, we all need to Schedule a task from time to time, unless we have completely flown into the clouds…
No need for any command prompt, at.exe, schtasks.exe or anything like that. This can all be done from the gui.

Note: Some people may state that it is a bad idea running a scheduled task as system, that this is bad for security reasons. I can agree with both sides but a fact is that Microsoft has a number of their default scheduled tasks running as system, so it can’t all be wrong. Also, running the task as a different administrator account is even worse, so…do as you like here. Secure the location of the script files, at least do that.
Good or bad, it is still a fact that some people in some situations want to do this, run a script as system, perhaps for the simplicity of it, for not having to rely on service accounts beeing created or other reasons good or bad.

Step by step:

Note: These steps have been verified on Windows Server 2012, but will function just as well on Windows Server 2012 R2 or Windows Server 2008R2/Windows Server 2008, Windows 7 nd Windows 8x

–

Note: You have to be logged on as a local administrator in order to follow these steps.

Start the Windows Task Scheduler, from the ‘Start’ menu or search, any way works…
When the Windows Task Scheduler is open, Browse to a task under Microsoft. I’m using a .NET Framework task in my example, that will work…

Have a look at the tasks in the .NET Framework container. Select the task at the top and make sure that it is a task running as System by checking its properties.

The properties at the bottom will show you if the task is configured to run as SYSTEM. If the task selected is not, pick another task in the list until you find one that is.

Right-click on the task and select export.

Save the file to a good location locally on the server and give it a good name.

Replace the default name with something of your own:

Save the file, then back in Task Scheduler, select the top of the tree, Task Scheduler Library.

Right-click on Task Scheduler Library and select Import Task…

Browse to the file you just exported.

Click on Open to start the import of the task. Name the new task with the name you want, you now have an exact copy of the default .NET framework task, now we need to make modifications so that it will suit your needs.
Right-click on the task, select Properties to make all the settings available for change.
In my example, I want the task to start a PowerShell script as system.
In order to do that, go to the Actions tab.

Delete the existing action, in my example ‘Custom handler’ and add your own.

If you like me, want to run a PowerShell script, type powershell in the program field and type the path to your .ps1 file in the Add Arguments field.
Save the new action and verify the values.

Now, change all the parameters to suit your needs. For example, you might want to add a scheduled trigger.
Click on the Triggers tab and add the Schedule you need.

In my example, I added a Schedule that starts the task at 07:00 every day and keeps doing this forever…

Now, as a last step, select the completed task under the Task Scheduler Library and verify all the settings, especially, make sure that it is configured to run as SYSTEM!
I also selected Run with highest privilieges in my example because the script I had writted required Run as Administrator to function properly.

Thats all, you’re done! Good luck!
References:

Thanks to:

Me, Myself and I!

___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Updated 2014-01-10 : Finally added a PowerShell method

This guide is using the PowerShell or NETDOM tool and does not require rejoining the domain

Have you seen this? ‘The trust relationship between this workstation and the primary domain failed’
Or this? ‘The security database on the server does not have a computer account for this workstation trust relationship.’ Same issue, different symptom.

I have on multiple occasions beeing a heavy Hyper-V user for my labs…
There are apparently a number of reasons why this happens, but the main reason seems to be lost connection between the ‘client/server’ and the Domain controllers. If the scheduled password change occurs while the server or client is unavailable or has been shut down, then the passwords stored in the server/client and the domain controllers for the computer account mismatch, and you will end up getting this error when trying to logon to the server. It can also appear differently, like if all service accounts stop functioning with events logged as a result, or similar that happens when the server is still running and you have been able to logon or simply never logged off.

The real question…How do we fix it? There are a number of TechNet forum threads on this(added one below as references) and many blog posts allready written, but since I’m always having difficulty finding them myself when I need them, I’ll make my own. Please feel free to borrow this knowledge and reblog/repost it yourself 🙂 (The guide however, is my own creation…)
The easiest or at least the quickest solution, is to have the server leave the doamin by adding it to a workgroup, then joining it back to the domain again. But, this can sometimes be a bit risky, you may have lots of service account running as domain users and so on, you don’t feel like uncoupling the server from the domain at all, then do this instead.

This guide is taking for granted that you prior to following these steps, have restored network connectivity between the server/client and the domain controllers, else this will fail. Resetting the computer password can not be done offline.

–

The following steps are performed on a Windows Server 2008 R2 machine, but the same steps apply to Windows Server 2012

Ok, I’ll do as I’m used to and describe what to do in a step by step guide, like this:

You log on to your server like you are used to, using your personal domain account:

You type the password and hit enter, then, BAM! This, instead of the normal logon procedure…what a start on a monday morning…

No good…if you don’t like to meddle with server affairs and are the kind of person who likes to stick to your apps once logged into the server, copy the link to this blogpost and send it to someone who can fix it…else, keep reading.

Press OK and then Switch user.

Then use the local server administrator account to logon to the server.

In my case it is one of my SQL boxes, so I type the Servername, Backslash, Local Admin and hit Enter.

The Username can just as well be in the form: ‘.\administrator’, with the single dot replacing the servername

PowerShell Method
New Method, steps performed on Windows Server 2012 but are valid on Win7, Win8x, WS2008 and WS2012R2

Once logged in, you will want to start a PowerShell prompt or PowerShell ISE with administrative privilieges, ‘as administrator’.

Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a PowerShell CMDlet called Reset-ComputerMachinePassword. Type in the following command:

Reset-ComputerMachinePassword -Server <Name of any domain controller> -Credential <domain admin account>

In my environment it looks like this:

Hit Enter, you will then be prompted for the Domain Administrator accounts password

Type in the password and hit OK. It will take between 2 to 10 seconds to complete Yoy will then, if everything works, see this:

Yup, nothing overwelming like ‘Succeeded’ or OK…just the released prompt. It is a success though 🙂

Now, we have to do one more thing before order is restored completely, we have to reboot the server. If you don’t, you will still not be able to logon using the domain account.

Use PowerShell…

Or the GUI if you prefer

After the server has rebooted, you are good to go, logon using your regular personal domain account.

Done!

NETDOM Method
Old method, performed on Windows Server 2008R2, but are valid also on WS2012 and WS2012R2, not however on Win7 or Win8X

Once logged in, you will want to start a PowerShell prompt or a Command prompt with administrative privilieges, ‘as administrator’.

Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a commande called NETDOM.
Type in the following command:

NETDOM RESETPWD /Server:<name of any domain controller> /UserD:<domain admin account> /PasswordD:<password>

(Yes, the trailing D’s are supposed to be there, don’t ask me why…)

In my prompt it looks a bit like this:

Important! Unlike in this Picture, the domain administrators password will be visible in cleartext, so be careful and close the prompt after you are done!

If you change the password part to be /PasswordD:* It will prompt you to enter your password, and it will not be shown in the CMD box.
(Thanks to Jason Hanson for the tip, and Gerrard Singleton)

Hit Enter and if everything works, you should see this:

Now, we have to do one more thing before order is restored completely, we have to reboot the server. If you don’t, you will still not be able to logon using the domain account.

After the server has rebooted, you are good to go, logon using your regular personal domain account.

Done!

If this did not work out for you, perhaps any of these reference links can be of use for you with additional steps and alternate solutions?
Good luck!

References

NETDOM
http://technet.microsoft.com/en-us/library/cc772217(v=ws.10).aspx

Netdom Overview
http://technet.microsoft.com/sv-se/library/cc737599(v=ws.10).aspx

How to use Netdom.exe to reset machine account passwords of a Windows Server domain controller
http://support.microsoft.com/kb/325850

Reset-ComputerMachinePassword
http://technet.microsoft.com/en-us/library/hh849751.aspx

Don’t rejoin to fix
http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx

TechNet Forum: The trust relationship between this workstation and the primary domain failed – Windows 7 Enterprise joining 2008 Domain, Error 5722
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/8155d5ea-a5c2-4306-8d2b-be3464234460/

TechNet Wiki: Trust Relationship between Workstation and Primary Domain failed
http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationship-between-workstation-and-primary-domain-failed.aspx

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Tag: Windows 7

The easy guide to creating a scheduled task running as system

Fix: The trust relationship between this workstation and the primary domain failed