dencorso Posted October 18, 2018 Share Posted October 18, 2018 I'm sure I'll be worth the trouble. SC.EXE and perhaps NirSoft's NIRCMD.EXE may help you at that. As well as a little hand from @jaclaz, of course! I bet you'll get it working sooner than you imagine! 1 Link to comment Share on other sites More sharing options...
UCyborg Posted October 18, 2018 Share Posted October 18, 2018 I don't know what that machinepolicy trigger is supposed to be, just noticed it causes the service to start on cold boot. I didn't take Windows Defender into account, just assumed it would work after seeing it didn't reset on reboot. What about taking the ownership of the file, disabling inherited permissions and just set one entry - Everyone - to allow just read-only access? Scheduled Start task by itself doesn't do anything beyond starting the service. I also don't remember ever seeing the service updating Windows Update state if updates were disabled, always have to check manually. No idea what messes with those tasks; I noticed it gets enabled on reboot with Windows Defender service disabled, so some core component/service must be responsible. 1 Link to comment Share on other sites More sharing options...
Jody Thornton Posted October 18, 2018 Author Share Posted October 18, 2018 49 minutes ago, UCyborg said: What about taking the ownership of the file, disabling inherited permissions and just set one entry - Everyone - to allow just read-only access? Hmmmmmm - now we're cooking. I shall let you know! Link to comment Share on other sites More sharing options...
UCyborg Posted October 18, 2018 Share Posted October 18, 2018 (edited) That's strange, I just re-enabled Windows Defender, updated its definitions and the task did stay disabled. At least on my end, the only other user with write access to the file is the administrators group, so nobody except me should be able to modify it. Though setting just Everyone to read-only access should be the most thorough action that can be accomplished by messing with permissions alone. The only Windows 8 installations I have for testing is Windows 8.0 with zero updates and Windows 8.1 with only security updates 'till December 2017. There should be something out there available to monitor file access. Process Monitor perhaps? Maybe it can help determine what changes the task. Edit: Forgot to mention, I noticed having Windows Defender enabled does cause Windows Update service to start at boot, that is, with both scheduled task disabled and that machine policy trigger removed. Edited October 18, 2018 by UCyborg 1 Link to comment Share on other sites More sharing options...
Jody Thornton Posted October 18, 2018 Author Share Posted October 18, 2018 I gave the SYSTEM account "Deny" access to the task file. So far, the task has remained disabled. Windows Defender does allow manual update checks. No updates since 8:25 am EST. And the Windows Updates service does start as needed. Link to comment Share on other sites More sharing options...
Jody Thornton Posted October 18, 2018 Author Share Posted October 18, 2018 Funny - I posted this question over at the DM Windows 8 forum. They're friggin' useless over there. Not even a single thread comment. Just in case you want to hear what crickets chirping sounds like: https://www.eightforums.com/threads/task-scheduler-cannot-remove-scheduled-start-task.78706/ Link to comment Share on other sites More sharing options...
Jody Thornton Posted October 19, 2018 Author Share Posted October 19, 2018 We have success. I have updated Windows Defender. and attempted running a manual update. BITS and Windows Update come on as needed, and then go back off eventually. Both services are set to Manual. But most importantly, the Scheduled Task entry never regenerates or starts. It has remained "Disabled" I want to thank everyone for their help. @UCyborg, @dencorso and @HarryTri, I appreciate all of your help. 2 Link to comment Share on other sites More sharing options...
dencorso Posted October 19, 2018 Share Posted October 19, 2018 On 10/18/2018 at 1:58 PM, Jody Thornton said: I gave the SYSTEM account "Deny" access to the task file. So far, the task has remained disabled. So that tweak was the one that did it, right? One has to remove the custom trigger, disable the task and deny SYSTEM access to it, right? Link to comment Share on other sites More sharing options...
UCyborg Posted October 19, 2018 Share Posted October 19, 2018 You can disable the task without removing custom trigger first, its presence just prevents other task properties from being edited in the GUI, disabling works either way. Whatever that task's custom trigger is for, it's disabled by default. This is its description in the task's file (XML): <WnfStateChangeTrigger> <Enabled>false</Enabled> <StateName>7508BCA3380C960C</StateName> <Data>01</Data> <DataOffset>0</DataOffset> </WnfStateChangeTrigger> Whatever that means. Link to comment Share on other sites More sharing options...
Jody Thornton Posted October 20, 2018 Author Share Posted October 20, 2018 You're both right. So yes I removed the Custom Trigger. That allowed me to edit the properties of the Scheduled Start task. Then I removed the "One Time" event trigger. I saved the task, and then disabled it. Then I applied a Deny permission to the System Account on the file itself. 1 Link to comment Share on other sites More sharing options...
Jody Thornton Posted October 20, 2018 Author Share Posted October 20, 2018 So next I was attacking automatic Defrag that shows up in Event Log. It completes a boot optimization, even though I disabled Automatic optmization. I use "My Defrag" anyway for boot optimization, so I disabled the "Optimize Drives" services. That should do it :) Knocking off these little bug-a-boos one step at a time :) 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now