[feature] Runlevel option for schedule on Windows #475

auxym · 2025-03-30T13:22:25Z

Small feature request: could we have a new option for resticprofile schedule that sets the "Run with highest privileges" checkbox in Task Scheduler? This also corresponds to /RL Highest when using the SCHTASKS cli command (https://superuser.com/questions/243605/how-do-i-specify-run-with-highest-privileges-in-schtasks).

Why

Using shcedule-permission: system creates a task that runs as the SYSTEM user. This provides all privileges (eg: create a VSS snapshot, access to all files), but creates issues to access network paths (eg. samba/cifs shares specified as \\server\\path\to\share) that require credentials. The SYSTEM user does not have access to mapped drives, or credentials saved in the Windows Credential Manager created by a user, even from an elevated (run as administrator) shell. From my research, it seems that the only way to allow tasks running as SYSTEM is to use a 3rd party tool (sysinternals PSExec) to run an elevated shell as the SYSTEM user and a combination of net use and/or cmdkey. This feels a bit hackish. Another workaround would be to wrap the resticprofile backup call in a script that first calls net use /user:... /password:... to connect the network path with the given credentials.

Running the scheduled task as a user allows access to the network path with saved credentials, but does not provide sufficient privileges to use the VSS snapshot option, or backup "system" files.

The workaround is relatively simple, that is, after running resticprofile schedule with schedule-permission: user, I go into the task scheduler and manually check the Run with highest privileges. Since running schedule is not something we do very often, this is not a huge deal. Maybe just adding a note to the docs would be OK too.

The text was updated successfully, but these errors were encountered:

creativeprojects · 2025-03-30T14:14:15Z

This is a very good point 👍🏻

I'll need to try it to understand how to create the task automatically. By that I mean what permissions are required to create the task (user password + elevated permissions?)

auxym · 2025-03-30T20:33:46Z

How does resticprofile currently create the scheduled task? I don't know much go but if you can point me to the bit of code that does that, I can have a look if I have any idea how to implement this.

creativeprojects · 2025-03-30T21:53:57Z

Sure, I'd appreciate a bit of help 😉

To create a scheduled task on Windows, we create an XML file. The definition of the XML file is here:

resticprofile/schtasks/settings.go

Lines 9 to 27 in 669e77e

    
           type Settings struct { 
        
           	AllowStartOnDemand         bool              `xml:"AllowStartOnDemand,omitempty"` // indicates that the task can be started by using either the Run command or the Context menu 
        
           	AllowHardTerminate         bool              `xml:"AllowHardTerminate,omitempty"` // indicates that the task may be terminated by the Task Scheduler service using TerminateProcess 
        
           	Compatibility              Compatibility     // indicates which version of Task Scheduler a task is compatible with 
        
           	DeleteExpiredTaskAfter     *period.Period    `xml:"DeleteExpiredTaskAfter,omitempty"` // the amount of time that the Task Scheduler will wait before deleting the task after it expires 
        
           	DisallowStartIfOnBatteries bool              `xml:"DisallowStartIfOnBatteries"`       // indicates that the task will not be started if the computer is running on batteries 
        
           	ExecutionTimeLimit         period.Period     `xml:"ExecutionTimeLimit"`               // the amount of time that is allowed to complete the task 
        
           	Hidden                     bool              `xml:"Hidden,omitempty"`                 // indicates that the task will not be visible in the UI 
        
           	IdleSettings               IdleSettings      `xml:"IdleSettings"` 
        
           	MultipleInstancesPolicy    InstancesPolicy   `xml:"MultipleInstancesPolicy"` // defines how the Task Scheduler deals with multiple instances of the task 
        
           	Priority                   uint              `xml:"Priority,omitempty"`      // the priority level of the task, ranging from 0 - 10, where 0 is the highest priority, and 10 is the lowest. Only applies to ComHandler, Email, and MessageBox actions 
        
           	RestartOnFailure           *RestartOnFailure `xml:"RestartOnFailure,omitempty"` 
        
           	RunOnlyIfIdle              bool              `xml:"RunOnlyIfIdle,omitempty"`             // indicates that the Task Scheduler will run the task only if the computer is in an idle condition 
        
           	RunOnlyIfNetworkAvailable  bool              `xml:"RunOnlyIfNetworkAvailable,omitempty"` // indicates that the Task Scheduler will run the task only when a network is available 
        
           	StartWhenAvailable         bool              `xml:"StartWhenAvailable,omitempty"`        // indicates that the Task Scheduler can start the task at any time after its scheduled time has passed 
        
           	StopIfGoingOnBatteries     bool              `xml:"StopIfGoingOnBatteries,omitempty"`    // indicates that the task will be stopped if the computer is going onto batteries 
        
           	WakeToRun                  bool              `xml:"WakeToRun,omitempty"`                 // indicates that the Task Scheduler will wake the computer when it is time to run the task, and keep the computer awake until the task is completed 
        
           	UseUnifiedSchedulingEngine bool              `xml:"UseUnifiedSchedulingEngine,omitempty"` 
        
           }

The object is created on this line, using the Config object as reference:

resticprofile/schtasks/taskscheduler.go

Line 54 in 669e77e

task := createTaskDefinition(config, schedules)

After that, we feed the XML file to the task scheduler using the command line:

schtasks.exe /create /tn task_name /xml file.xml

To understand which parameter to add or update, it's actually quite easy: you can prepare a task in the task scheduler, right click on it and choose export. It will give you the exact same XML file needed to create the task 👍🏻

There are also references to the MSDN documentation in some sections of the code.

Good luck 😄

auxym changed the title ~~[feature] Runlevel option for resticprofile on Windows~~ [feature] Runlevel option for schedule on Windows Mar 30, 2025

creativeprojects added enhancement New feature or request good first issue Good for newcomers windows Concerns only Windows OS labels Mar 30, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[feature] Runlevel option for schedule on Windows #475

[feature] Runlevel option for schedule on Windows #475

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[feature] Runlevel option for schedule on Windows #475

[feature] Runlevel option for schedule on Windows #475

Comments

Why

Uh oh!

Uh oh!

Uh oh!