2.In General tab, you can set scheduler name and description about the task like for what purpose the task has created.
Available security options explained below.
Specify the user on whose behalf the task will be run.
You can specify that a task should run . It can be done by selecting a radio button labelled ‘Run Whether the user is logged on not’. If this radio button selected, the task will not run interactively. To make a task run interactively, select the ’Run only when user is logged on’ radio button.
When the ‘Run whether user is logged on or not’ is selected, you may prompt to supply the credentials of the account, regardless of whether you select the checkbox ‘Do not store password’ or not. If the account is not logged on during task execution, saved credentials will be used.
If the task requires elevated privileges, then select the option ‘Run with highest privileges.’
3.Switch to the Trigger tab and click the New button. Here, you can set conditions that trigger a task.
You can specify when to start the task. For example, you can have it executed on a schedule, at start-up, at logon or whenever a particular event occurs by selecting ‘Begin the task’ drop-down menu.
You can configure whether you want to run this task once or daily or weekly or monthly according to your scenario.
In the “Advanced settings”, you can choose to delay task, repeat task, stop task if it runs longer than the specified time period and expiry date.
Delay task for up to – This adds a random delay, so the task won’t stat at the exact time of the day.
Repeat task every – It shows the number of times a task should run after a trigger is fired.
Repeat task every – Time interval between each task repetition
For a duration of- How long a task should continue to repeat
Stop task if it runs longer than- If the task runs longer than the expected time or never quit, task will automatically stop if it reaches the mentioned time limit.
Expire – After the time period specified, the schedule won’t be triggered.
4.Then open the next tab ‘Actions’ and click the ‘New’ button.
In the Action drop-down, “Start a program” is set by default. You can change it if required.
Using Browse, select program/script field. To schedule a script, we need to select powershell.exe.
You can find powershell.exe in your system32\WindowsPowerShell\v1.0 folder.
In ‘Add arguments’, -File parameter is the default one so simply specify the script path. For example, I am going to schedule a script that exports Office 365 users MFA status report.
If the path contains any blank space, it should be enclosed with quotes.
5.Once configured, you can specify conditions to determine whether the task should run. The task will not run if any condition specified here is not true.
6.On the Settings tab, you can set additional advanced settings to control the task execution.
Finally, click Ok to create a scheduled script.
Scheduled script will run as expected according to your schedule without any issue. If you want to check script execution, you can click Run by right-clicking task name.
Automate PowerShell Script from Task Scheduler with Parameters
If you want to schedule the PowerShell script with parameters, use the below format.
Script path -Param 1 Value1 -Param2 “Value 2”
For example, I am going to automate one of our PowerShell script: Export Office 365 Users MFA status report
During schedule, you can explicitly pass the credential as parameters as shown below:
Above cmd creates a scheduled task trigger that starts every 2 days at 4PM
Set Actions to be Performed During Execution:
New-SchdeuledTaskAction represent actions that executed when Task Scheduler runs the task. A task can have single action or a maximum of 32 actions. When you specify multiple actions, task Scheduler executes a task sequentially.
The above cmd saves a scheduled task with a name “Schedule MFA Status Report” in the root folder. The saved task uses the pre-created action and trigger values that are specified by $Action and $Time variables.
Because I’ve seen this question asked in many places and not answered, I thought I’d post my issue and resolution here. I regard this as a Bug, but I’m not invested enough to deal with the support incident process.
I’ve had repeated instances where a Windows 7 x64 client runs out of hard drive space, and found that C:\Windows\TEMP is being consumed with hundreds of files with names following the pattern “cab_XXXX_X”, generally 100 MB each, and these files are constantly generated until the system runs out of space. Upon removing the files & rebooting, the files start being generated again.
I’ve found that this is caused by large Component-Based Servicing logs. These are stored at C:\Windows\Logs\CBS. The current log file is named “cbs.log”. When “cbs.log” reaches a certain size, a cleanup process renames the log to “CbsPersist_YYYYMMDDHHMMSS.log” and then attempts to compress it into a .cab file.
However, when the cbs.log reaches a size of 2 GB before that cleanup process compresses it, the file is to large to be handled by the makecab.exe utility. The log file is renamed to CbsPersist_date_time.log, but when the makecab process attempts to compress it the process fails (but only after consuming some 100 MB under \Windows\Temp). After this, the cleanup process runs repeatedly (approx every 20 minutes in my experience). The process fails every time, and also consumes a new ~ 100 MB in \Windows\Temp before dying. This is repeated until the system runs out of drive space.
This can be reproduced by trying to manually create the cab file –
As an IT guy, I always encounter problems when untrained users tweak their Internet connection settings. They always make a mistake somewhere and sometimes the solution is to just keep them away from the Internet Options dialog box altogether.
I have worked at many companies that hide the Internet Options tab in Internet Explorer to discourage users from changing the options, which makes sense since network admins are the only ones who are supposed to access these options.
In a controlled environment, companies usually allow only one type of browser like Internet Explorer and those companies usually don’t allow their employees to change the Internet Options like default the homepage and proxy server.
Below is a typical Internet Options window:
There are several ways to disable the Internet Options tabs in IE and I’ll explain the different methods in this post. The first method uses Group Policy, but will only work if you have the Pro or Ultimate versions of Windows. If you are running Home or Home Premium, then skip down to the registry section.
Disable Internet Options in IE via Group Policy
To disable any tab in the Internet Options window, follow these steps below:
Step 1: Click Start and type GPEDIT.MSC in the search bar and hit enter to launch the Group Policy editor window.
Step 2: In the Local Group Policy editor window expand User Configuration > Administrative Templates > Windows Components > Internet Explorer then click on Internet Control Panel.
Step 3: On the right pane of the window, double click on the item you want to disable. For example, to disable the Advanced tab, double click on Disable the Advanced page option.
Step 4: In the properties window, click on the Enabled option and click OK. The Advanced tab in the Internet Options window will now be disabled and removed.
Step 5: Follow the previous steps to disable other items in the Internet Options window. To enable items, just select the Not Configured option in the properties window and click OK.
There you have it! For less savvy computer users who don’t know about GPEDIT, it should discourage them from changing the advanced settings in IE.
Disable IE Options via Registry Editor
The second way to disable tabs in IE options is to use the registry editor. This is a bit more complicated, but is the only option if you can’t access group policy editor.
You can open the registry editor by clicking on Start and typing in regedit. Once there, navigate to the following key:
Note that if you want to disable this option for all users on the PC, navigate to the same key, but under HKEY_LOCAL_MACHINE.
If there isn’t already a key called Internet Explorer under Microsoft, you’ll have to create it manually. Just right-click on Microsoft and choose New – Key. At this point, there are two options. If you want to disable the entire Internet Options dialog, you can create another key under Internet Explorer called Restrictions.
Lastly, you’ll create a new DWORD value in the right-pane inside Restrictions called NoBrowserOptions. Give that a value of 1 and restart Internet Explorer. If you try to go to Internet Options, it will give you an error message.
If you don’t want to disable the whole dialog, but instead just a few of the tabs, then you should create a new key called Control Panel under Microsoft instead of Restrictions. Inside of that, you’ll create DWORD entries that correspond to the tabs:
As you can see above, I created the Control Panel key under Internet Explorer and then created a DWORD entry in the right-pane called AdvancedTab with a decimal value of 1. This removed just the advanced tab from the IE options window.
Hopefully, these methods will allow you to gain more control over Internet Explorer advanced settings in your environment. If you’re having issues, feel free to comment and I’ll try to help. Enjoy!
Although, enabling and disabling Netlogon debugging is quite easy but should only be enabled for troubleshooting purposes and disabled afterwards:
Enable Netlogon debug:
From an elevated command prompt (as administrator), run the following command:
Disable Netlogon debug:
From an elevated command prompt (as administrator), run the following command:
The netlogon debug log can then be found under C:\Windows\debug\netlogon.log
On the netlogon debug log we should look for (find…) the user we are troubleshooting and should be able to find information similar to the bellow:
08/15 16:38:22 [LOGON]  C ONTOSO: SamLogon: Generic logon of CONTOSO.LOCAL\test2016 from ( WIN2K16MEMBER ) (via JUMPSERVER) Returns 0xC000006A
This entry tells you where the bad password came from.
You can refer to the article above for a full description on the Failure Codes.
Log Name: Security
Date: 7/26/2019 11:47:11 AM
Event ID: 4771
Task Category: Kerberos Authentication Service
Keywords: Audit Failure
Kerberos pre-authentication failed.
Security ID: CONTOSO\Administrator
Account Name: Administrator à This should be showing the account you are troubleshooting.
Service Name: krbtgt/CONTOSO
Client Address: ::ffff: 192.168.0.4 à This might not show on this event but if it does this is the IP where the bad password is coming from.
Client Port: 49908
Ticket Options: 0x40810010
Failure Code : 0x18 à This is the Failure Code we should be looking for:The wrong password was provided.
Pre-Authentication Type: 2
Certificate Issuer Name:
Certificate Serial Number:
This was the easy part!
The hard part is often to troubleshoot from the client side as we don’t have any specific procedure to understand what is sending the bad passwords.
An application? A Scheduled Task? A script?
Can be either and/or all of them and for that reason we often need to revisit the client workstation to continue searching for the culprit(s).
Sometimes it is a middle device that connects the user to Exchange, SQL or any other resource and the same steps needs to be taken on each device in the middle that will bring us back to the originating source.
More information: You can also check the bellow articles for more information on troubleshooting information and tips regarding account lockouts:
Active Directory: Bad Passwords and Account Lockout
Inactive Active Directory (AD) user accounts can pose a security risk to organizations, in situations such as when former employees still have active accounts months after leaving the company because HR failed to inform IT, or accounts might be created for a particular purpose but never deleted after the event. Whatever the reason for the existence of such accounts, Active Directory can quickly get out of control, in turn making your systems harder to audit and less secure.
Active Directory Module for PowerShell
The PowerShell module for Active Directory allows system administrators to query Active Directory and generate reports using the resulting data. The AD module for PowerShell is installed by default on Windows Server 2012 domain controllers, or alternatively you can download the Remote Server Administration Tools (RSAT) for Windows 8.1 and install the module using the command below.
Log in as a local administrator, open a PowerShell prompt, type the code below and press ENTER to install the AD module for PowerShell:
Search Active Directory for Inactive Accounts
The Search-ADAccount cmdlet provides an easy way to query Active Directory for inactive user accounts:
Search-ADAccount –UsersOnly –AccountInactive
The above command returns all inactive accounts. To narrow down the results to a specific time range, you can add the –TimeSpanparameter to Search-ADAccount. In the example below, a variable defines the value for the –TimeSpan parameter, using the New-Timespan cmdlet to simplify the input:
It’s worth noting that unlike the LastLogOn attribute, LastLogonTimestamp is synchronized between domain controllers, but can be 9 to 14 days out-of-date, so you should bear this in mind when processing your results.
Another way to simplify the output and count the number of inactive users is to pipe the results to the Measure cmdlet: