Monitoring the Windows Task Scheduler

Task Scheduler 2.0 saw a major overhaul with Windows Server 2008/Vista. As a result, the Windows OS now uses tasks much more extensively than previously -- there are over 30 tasks installed on every Windows Server 2008 machine! A detailed list is provided below. Unfortunately there still is no native alerting system for tasks, nor any easy way to see what they are all doing.

In addition:

- Many 3rd party software packages use Task Scheduler as their native scheduler and create tasks behind the scenes, unbeknownst to the user. These tasks kick off jobs such as antivirus, defrag, backups, etc. that can compete for resources on the server and impact performance just like SQL Agent jobs.
- A common practice used by hackers for years has been to create temporary tasks using the AT command to carry out malicious tasks (copy files, delete files, etc.), then auto-delete, leaving no trace.

As long as you are watching a Task Scheduler instance with Event Manager, if software or a user creates a task on the machine, you’ll receive an email alert about it, and you’ll see the tasks on the EM calendar alongside all other events.

Bottom line, it’s more important than ever to watch all Task Scheduler instances, otherwise you’ll end up with a gap in visibility regarding everything that’s happening on a server.
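One way to surface the create-then-delete pattern described above, as an added example that is not part of the original article or of Event Manager: it pairs Task Scheduler operational-log events 106 (task registered) and 141 (task registration deleted) and reports tasks that were removed shortly after being created. The function name, the 10-minute threshold and the sample records are assumptions made for illustration.

```powershell
# Added example: report tasks that were registered and then deleted within a short window.
function Find-ShortLivedTask {
    param(
        # Objects exposing TimeCreated, Id and TaskName (hypothetical record shape)
        [Parameter(Mandatory)] [object[]] $Record,
        # Assumed threshold; tune to the environment
        [timespan] $MaxLifetime = [timespan]::FromMinutes(10)
    )
    $registered = @{}   # TaskName -> time of most recent registration (keys are case-insensitive)
    foreach ($r in $Record | Sort-Object TimeCreated) {
        switch ($r.Id) {
            106 { $registered[$r.TaskName] = $r.TimeCreated }      # task registered
            141 {                                                  # task registration deleted
                if ($registered.ContainsKey($r.TaskName)) {
                    $life = $r.TimeCreated - $registered[$r.TaskName]
                    if ($life -le $MaxLifetime) {
                        [pscustomobject]@{
                            TaskName   = $r.TaskName
                            Registered = $registered[$r.TaskName]
                            Deleted    = $r.TimeCreated
                            Lifetime   = $life
                        }
                    }
                    $registered.Remove($r.TaskName)
                }
            }
        }
    }
}

# Constructed sample records (not real log data); task names are made up.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T02:00:00'; Id = 106; TaskName = '\NightlyBackup' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T03:14:05'; Id = 106; TaskName = '\At1' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T03:15:40'; Id = 141; TaskName = '\At1' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-12T09:00:00'; Id = 141; TaskName = '\NightlyBackup' }
)
Find-ShortLivedTask -Record $sample | Format-Table -AutoSize   # only \At1 is reported

# On a live host (assumes the Microsoft-Windows-TaskScheduler/Operational log is enabled
# and that the first event property of events 106 and 141 is the task name):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-TaskScheduler/Operational'; Id = 106, 141 } |
#     Select-Object TimeCreated, Id, @{ n = 'TaskName'; e = { $_.Properties[0].Value } }
# Find-ShortLivedTask -Record $live
```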

Here is a link for more information on Windows Task Scheduler:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa383614(v=vs.85).aspx
