Windows 7 Default Scheduled Tasks–Complete Overview

After the experience of disappearing desktop shortcuts as discussed in my previous blog Case of the Missing Desktop Shortcut Icons I decided it was a good idea to make sure there was nothing else unknown occurring in the background of my Windows 7 installation.

After reviewing the information in Task Scheduler here is what I’ve found. This is based on  a domain joined Windows 7 Enterprise x64 SP1 installation. The settings presented here should be default, or close to it. I haven’t consciously changed anything from a default install.

The scheduled tasks here all reside under \Microsoft\Windows\ in Task Scheduler. Task Scheduler can be opened by typing Task Scheduler into Start Menu.

 

Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Automated)

Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.

By default this scheduled task is Disabled and will not run.

Security Options

• Runs as Everyone
• Only when user is logged in

Triggers

• Daily at 3:00 am with random delay up to 1 hr
• At logon of any user with delay of 1 hr

Conditions

• Only runs if network connection is present.

Settings

• Allow task to be run on demand
• Run task as soon as possible after scheduled start is missed
• Stop the task if it runs longer than 1 hour.
• If task is already running then run a new instance in parallel.

Actions

Custom handler. ClassID under context AllUsers:

{CF2CF428-325B-48D3-8CA8-7633E36E5A32}

Which refers to %systemroot%\system32\msdrm.dll

AD RMS Rights Policy Template Management (Manual)

Updates the AD RMS rights policy templates for the user. This job provides a credential prompt if authentication to the template distribution web service on the server fails.

By default this task is Enabled, but the automated triggers are disabled, so it will only run manually.

Security Options

• Everyone, only when user is logged in

Triggers

• At logon of any user (But this trigger is Disabled)

Conditions

• Start the task only if computer is on AC Power
• Stop if computer switches to battery power.
• Start only if network connection is available.

Settings

• Allow this task to be run on demand
• Run task as soon as possible after scheduled start is missed
• Stop the task if runs longer than an hour
• If the task is already running start a new instance in parallel.

AppID

PolicyConverter

Converts the software restriction policies policy from XML into binary format.

By default this task is Disabled.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or no

Triggers

• None

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested force it to stop
• If task is already running then queue a new instance.

Actions

• Start %windir%\system32\appidpolicyconverter.exe

VerifiedPublisherCertStoreCheck

Inspects the AppID certificate cache for invalid or revoked certificates.

By default this task is Disabled.

Triggers

• At startup
• Delay task for 30 minutes, repeat task every 1 day indefinitely.

Conditions

• Start task if computer is idle for 3 minutes
• Wait for idle for 23 hours
• Stop if the computer ceases to be idle
• Restart if the idle state resumes
• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running then queue a new instance.

Actions

• Start %windir%\system32\appidcertstorecheck.exe

Application Experience

AitAgent

Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.

Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• Daily at 2:30 AM

Actions

• Start %systemroot%\system32\aitagent.exe

Conditions

• Start the task if computer is idle for 3 minutes
• Wait for idle for 22 hours
• Stop if the computer ceases to be idle
• Restart if the idle state resumes
• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

ProgramDataUpdater

Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program

Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• At 12:30 AM every day

Actions

• Start %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate

Conditions

• Start the task only if the computer is idle for 3 minutes
• Wait for idle for 23 hours
• Stop if the computer ceases to be idle
• Restart if the idle state resumes
• Start the task only if the computer is on AC Power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

Autochk

Proxy

This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.

This is enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not

Triggers

• At startup
• Delay task for 30 minutes

Actions

• Start %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations

Conditions

• Start the task only if the computer is idle for 10 minutes
• Wait for idle for 365 days

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance.

Bluetooth

UninstallDeviceTask

Uninstalls the PnP device associated with the specified Bluetooth service ID

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• None

Actions

• Start %windir%\system32\BthUdTask.exe $(Arg0)

Conditions

• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop.
• If the task is already running run a new instance in parallel

CertificateServicesClient

SystemTask

Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.

Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• On an event – When System log has event with source Microsoft-Windows-GroupPolicy and ID 1502. (The Group Policy settings for the computer were processed successfully. New settings from x Group Policy objects were detected and applied.)
• When the task is created or modified
• At startup – delay task for 10 seconds, repeat every 8 hrs indefinitely

Actions

• Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
• Data SYSTEM

Conditions

• Start only if network connection is available

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails, restart ever 1 minute, up to 5 times
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

UserTask

Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.

Enabled by default.

Security Options

• Run as INTERACTIVE
• Run only when user logged on

Triggers

• On an event – When System log has event with source GroupPolicy and ID 1503. (The Group Policy settings for the user were processed successfully. New settings from x Group Policy objects were detected and applied.)
• When the task is created or modified
• At logon – repeat every 8 hrs indefinitely

Actions

• Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
• Data USER

Conditions

• Start only if network connection is available

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails, restart every 1 minute up to 5 times
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

UserTask-Roam

Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.

Disabled by default.

Security Options

• Run as INTERACTIVE
• Run only when user is logged on

Triggers

• On workstation lock of any user
• On workstation unlock of any user

Actions

• Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
• Data KEYROAMING

Conditions

• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power
• Start only if a network connection is available

Settings

• Allow task to be run on demand
• If the task fails, restart every 1 minute up to 5 times
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

Customer Experience Improvement Program

Consolidator

If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.

Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• One time – At 12:00 AM on 2/01/2004. After triggered repeat every 19 hrs indefinitely

Actions

• Start %SystemRoot%\System32\wsqmcons.exe

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

KernelCeipTask

The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft.  If the user has not consented to participate in Windows CEIP, this task does nothing.

Enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not
• Hidden (Note: Hidden Tasks are visible by default in Windows 7 Task Scheduler)

Triggers

• On a schedule – every Thursday at 3:30 am

Actions

• Custom Event Handler –  CLSID {E7ED314F-2816-4C26-AEB5-54A34D02404C} which refers to %SystemRoot%\System32\kernelceip.dll

Conditions

• Start the task only if computer is idle for 3 minutes
• Wait for idle for 17 hours
• Start the task only if the computer is on AC power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails, retry every 45 minutes
• Attempt to restart up to 1 times
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new service.

UsbCeip

The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft.  The information received is used to help improve the reliability, stability, and overall functionality of USB in Windows.  If the user has not consented to participate in Windows CEIP, this task does not do anything.

Enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not
• Hidden

Triggers

• At 1:30 AM every 3 days

Actions

• Run Custom Handler. CLSID {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
• Data SYSTEM

Conditions

• Start the task only if the computer is on AC Power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails, restart every 45 minutes, attempt restart up to 1 times
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop

Defrag

ScheduledDefrag

This task defragments the computers hard disk drives. Enabled by default

Security Options

• Run as SYSTEM
• Run whether user is logged on or not
• Run with highest privileges

Triggers

• Every Wednesday at 1:00 AM
• Randomly delay task for up to 2 hours

Actions

• Start %windir%\system32\defrag.exe –c (Perform the operation on all volumes)

Conditions

• Start the task only if the computer is idle for 3 minutes
• Wait for idle for 7 days
• Stop if the computer ceases to be idle
• Restart if the idle state resumes
• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop

Diagnosis

Scheduled

The Windows Scheduled Maintenance Task performs periodic maintenance of the computer system by fixing problems automatically or reporting them through the Action Center.

Enabled by default.

Security Options

• Run as INTERACTIVE
• Run only when user is logged on
• Run with highest privileges
• Hidden

Triggers

• Every Sunday at 1:00 am

Actions

• Run custom action. CLSID {C1F85EF8-BCC2-4606-BB39-70C523715EB3} which refers to %SystemRoot%\System32\sdiagschd.dll

Conditions

• Start the task only if the computer is idle for 10 minutes
• Wait for idle for 8 hours
• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the task is already running, then stop the existing instance.

DiskDiagnostic

Microsoft-Windows-DiskDiagnosticDataCollector

The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.

Disabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not
• Hidden

Triggers

• Every two weeks on Sunday 1:00 am

Actions

• Start %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART

Conditions

• Start the task only if the computer is idle for 10 minutes
• Wait for idle for 1 hour
• Start the task only if the computer is on AC Power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

Microsoft-Windows-DiskDiagnosticResolver

The Microsoft-Windows-DiskDiagnosticResolver warns users about faults reported by hard disks that support the Self Monitoring and Reporting Technology (S.M.A.R.T.) standard. This task is triggered automatically by the Diagnostic Policy Service when a S.M.A.R.T. fault is detected.

Disabled by default.

Security Options

• Run as Users
• Run with highest privileges
• Hidden

Triggers

• At logon of any user

Actions

• Start %windir%\system32\DFDWiz.exe

Conditions

• None

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

Locations

Notifications

Location Activity. Enabled by default.

Security Options

• Run as Authenticated Users
• Run when users is logged on

Triggers

• On an event – when Application Log has event with source Location Activity and Event ID 1

Actions

• Start %windir%\System32\LocationNotifications.exe

Conditions

• None

Settings

• Allow task to be run on demand
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

Maintenance

WinSAT

Measures a system’s performance and capabilities

Security Options

• Run as Administrators
• Run only when the user is logged on
• Run with highest privileges

Triggers

• On idle

Actions

• Custom Handler. CLSID {A9A33436-678B-4C9C-A211-7CC38785E79D} which refers to %SystemRoot%\system32\WinSATAPI.dll

Conditions

• Start the task only if the computer is idle for 10 minutes
• Wait for idle for 1 hour
• Stop if the computer ceases to be idle
• Start the task only if the computer is on AC Power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

MemoryDiagnostic

CorruptionDetector

Task for launching the Memory Diagnostic. Enabled by default.

Security Options

• Run as Users
• Run only when user is logged on
• Hidden

Triggers

• On event – When event in System log is raised with source Application Popup and Event ID 1801

Actions

• Custom Action handler. CLSID {190BA3F6-0205-4F46-B589-95C6822899D2} which refers to %SystemRoot%\System32\memdiag.dll
• Data PageNotZero

Conditions

• None

Settings

• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not run a new instance

DecompressionFailureDetector

Task for launching the Memory Diagnostic. Enabled by default.

Security Options

• Run as Users
• Run only when user is logged on
• Hidden

Triggers

• On an event – when log Microsoft-Windows-Kernel-StoreMgr/Operational has event raised with source Kernel-StoreMgr and Event ID 6.

Actions

• Custom Action handler. CLSID {190BA3F6-0205-4F46-B589-95C6822899D2} which refers to %SystemRoot%\System32\memdiag.dll
• Data Decompression

Conditions

• None

Settings

• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

MobilePC

HotStart

Launches applications configured for Windows HotStart. Enabled by default.

Security Options

• Run as Authenticated Users 
• Run only when user is logged on

Triggers

• At logon of any user

Actions

• Custom Action Handler. CLSID {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} which refers to %SystemRoot%\System32\HotStartUserAgent.dll

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the running task does not end when requested, force it to stop
• If the task is already running run a new instance in parallel

MUI

LPRemove

Launch language cleanup tool. Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• At system startup, delay task for 25 minutes.

Actions

• Run %windir%\system32\lpremove.exe

Conditions

• Start the task only if the computer is idle for 10 minutes
• Wait for idle for 1 hour
• Stop if the computer ceases to be idle
• Start the task only if the computer is on AC power

Settings

• Allow the task to be run on demand
• Stop the task if it runs longer than 9 hours
• If the task is already running do not start a new instance

Multimedia

SystemSoundsService

System Sounds User Mode Agent. Enabled by default.

Security Options

• Run as Users
• Run only when user is logged on

Triggers

• At logon of any user

Actions

• Run Custom Handler. CLSID {2DEA658F-54C1-4227-AF9B-260AB5FC3543}. Refers to %SystemRoot%\System32\PlaySndSrv.dll

Conditions

• No conditions

Settings

• Allow task to be run on demand
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

NetTrace

GatherNetworkInfo

Network information collector. Task is enabled but no triggers configured.

Security Options

• Run as Users
• Run only when user is logged on
• Run with highest privileges

Triggers

• None

Actions

• Run %windir%\system32\gatherNetworkInfo.vbs

Conditions

• None

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running run a new instance in parallel

NetworkAccessProtection

• No events in this folder by default

Offline Files

Background Synchronization

This task controls periodic background synchronization of Offline Files when the user is working in an offline mode.

Disabled by default.

Security Options

• Run as Authenticated Users
• Run only when user is logged on

Triggers

• One time – at 12:00 AM on 1/01/2008
• Delay task randomly up to 1 hour
• Repeat task every 6 hours indefinitely

Actions

• Run custom action handler. CLSID {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} Refers to %SystemRoot%\System32\cscui.dll

Conditions

• Start only if network connection is available

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 1 day
• If the running task does not end when requested, force it to stop
• If the task is already running then do not start a new instance.

Logon Synchronization

This task initiates synchronization of Offline Files when a user logs onto the system.

Disabled by default.

Security Options

• Run as Authenticated Users
• Run only when user is logged on

Triggers

• At logon of any user

Actions

• Custom Event Handler with CLSID {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} with data Logon. Refers to %SystemRoot%\System32\cscui.dll

Conditions

• Start the task only if the computer is on AC power
• Stop if the computer switches to the battery power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 1 day
• If running task does not end when requested force it to stop
• If the task is already running do not start a new instance

PerfTrack

BackgroundConfigSurveyor

Performance Tracing Idle Task: Background configuration surveyor. Disabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not
• Hidden

Triggers

• When computer is idle
• At 3:00 AM every day

Actions

• Custom Action Handler with CLSID {EA9155A3-8A39-40B4-8963-D3C761B18371} which refers to C:\Windows\System32\perftrack.dll

Conditions

• Start the task only if the computer is on AC Power

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the task is already running do not start a new instance

PLA\System

No tasks defined under this folder by default.

Power Efficiency Diagnostics

AnalyzeSystem

This job analyzes the system looking for conditions that may cause high energy use. Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• Runs at 6:00 AM every 14 days
• Randomly delay task for up to 8 hrs

Actions

• Start %SystemRoot%\System32\powercfg.exe -energy -auto

Conditions

• Start the task only if computer is idle for 5 minutes
• Wait for idle for 2 hours

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 5 minutes
• If the running task does not end when requested, force it to stop
• If  the task is already running do not start a new instance

RAC

RacTask

Microsoft Reliability Analysis task to process system reliability data. Enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not
• Hidden

Triggers

• When an event in Application log is raised with source Customer Experience Improvement Program and event ID 1007
• On a schedule starting 31/03/2008 11:00 am. Delay task randomly up to 15 minutes, repeat every 1 hour indefinitely

Actions

• Custom Event Handler with CLSID {42060D27-CA53-41F5-96E4-B1E8169308A6} and data $(Arg0) Refers to %systemroot%\system32\RacEngn.dll

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the running task does not end when requested force it to stop
• If the task is already running do not start a new instance

Ras

MobilityManager

Provides support for the switching of mobility enabled VPN connections if their underlying interface goes down.

Enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not

Triggers

• When an event is raised in Application log with provider name RasClient and level is 4 or 0 and Event ID is 20281

Actions

• Custom Event Handler with CLSID {C463A0FC-794F-4FDF-9201-01938CEACAFA} which refers to %systemroot%\system32\rasmbmgr.dll

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

Registry

RegIdleBackup

Registry Idle Backup Task. Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not
• Hidden

Triggers

• Every 10 days at 12:00 am, randomly delay start by up to 1 hr

Actions

• Custom Action Handler with CLSID {CA767AA8-9157-4604-B64B-40747123D5F2} which refers to %SystemRoot%\System32\regidle.dll

Conditions

• Start the task only if the computer is idle for 3 minutes
• Wait for idle for 23 hours
• Stop if the computer ceases to be idle
• Restart if the idle state resumes

Settings

• Run task as soon as possible after a scheduled start is missed
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

RemoteApp and Desktop Connections Update

This folder is empty by default.

RemoteAssistance

RemoteAssistanceTask

Checks group policy for changes relevant to Remote Assistance

Security Options

• Run as SYSTEM
• Run whether user is logged on or not
• Run with highest privileges
• Hidden

Triggers

• When event in System log is raised with source GroupPolicy and event ID 1502, delay task for 15 seconds
• When task is created or modified

Actions

• Run %windir%\system32\RAServer.exe /offerraupdate

Conditions

• None

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested force it to stop
• If the task is already running then queue a new instance

Shell

WindowsParentalControls

Notifications for actions taken by Windows Parental Controls.

Security Options

• Run as AUTHENTICATED USERS
• Run only when user is logged on
• Hidden

Triggers

• At logon of any user, delay task for 1 second

Actions

• Run Custom Event Handler with CLSID {DFA14C43-F385-4170-99CC-1B7765FA0E4A} which refers to C:\Windows\System32\wpcumi.dll

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails restart every 1 minute
• Attempt to restart up to 5 times
• If the running task does not end when requested force it to stop
• If the task is already running run a new instance in parallel

WindowsParentalControlsMigration

Migration for Windows Parental Controls. Disabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not
• Run with highest privileges
• Hidden

Triggers

• At logon of any user, delay for 1 second

Actions

• Run Custom Action Handler with CLSID {343D770D-7788-47C2-B62A-B7C4CED925CB} which refers to C:\Windows\System32\wpcmig.dll

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails restart every 1 minute
• Attempt to restart up to 1 time
• If the running task does not end when requested force it to stop
• If the task is already running run a new instance in parallel

SideShow

AutoWake

This task automatically wakes the computer and then puts it to sleep when automatic wake is turned on for a Windows SideShow-compatible device.

Disabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not

Triggers

• At the logon of any user, delay for 1 minute

Actions

• Run custom action handler with CLSID {E51DFD48-AA36-4B45-BB52-E831F02E8316} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

Conditions

• None

Settings

• Allow task to be run on demand
• If the running task does not end when requested force it to stop
• If the task is already running then do not start a new instance

GadgetManager

This task manages and synchronizes metadata for the installed gadgets on a Windows SideShow-compatible device.

Enabled by default, but trigger is disabled.

Security Options

• Run as Users
• Run only when user is logged on

Triggers

• At logon of any user

Actions

• Run Custom Action Handler with CLSID {FF87090D-4A9A-4F47-879B-29A80C355D61} with data $(Arg0) Refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

Conditions

• None

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested force it to stop
• If the task is already running then queue a new instance

SessionAgent

This task manages the session behavior when multiple user accounts exist on a Windows SideShow-compatible device.

Disabled by default.

Security Options

• Run as Users
• Run only when user is logged on

Triggers

• At logon of any user, delay for 15 seconds

Actions

• Run Custom Action Handler with CLSID {45F26E9E-6199-477F-85DA-AF1EDFE067B1} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

Conditions

• None

Settings

• Allow task to be run on demand
• If the running task does not end when requested force it to stop
• If the task is already running run a new instance in parallel

SystemDataProviders

This task provides system data for the clock, power source, wireless network strength, and volume on a Windows SideShow-compatible device.

Disabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not

Triggers

• At log on of any user, delay task for 30 seconds

Actions

• Run custom action handler with CLSID {7CCA6768-8373-4D28-8876-83E8B4E3A969} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

Conditions

• None

Settings

• Allow task to be run on demand
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

SoftwareProtectionPlatform

SvcRestartTask

This task restarts the Software Protection Platform service at the specified time. Enabled by default.

Security Options

• Run as NETWORK SERVICE
• Run whether user is logged on or not
• Hidden

Triggers

• At 12:37:31 PM every day

Actions

• Run sc.exe start sppsvc

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• If the task fails restart every 1 minute, retry up to 3 times
• If the task is already running then do not start a new instance

SyncCenter

No tasks by default.

SystemRestore

SR

This task creates regular system protection points. Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• At 12:00 AM every day
• At system startup, delay up to 30 minutes

Actions

• Start %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation

Conditions

• Start the task only if the computer is idle for 10 minutes
• Wait for idle for 23 hours
• Start the task only if the computer is on AC Power

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• IF the running task does not end when requested force it to stop
• If the task is already running then do not start a new instance

Task Manager

Interactive

Runs a task as the interactive user. Enabled by default.

Security Options

• Run as INTERACTIVE
• Run only when user is logged on
• Hidden

Triggers

• No triggers

Actions

• Run Custom Action Handler with CLSID {855FEC53-D2E4-4999-9E87-3414E9CF0FF4} which refers to %SystemRoot%\system32\wdc.dll

Conditions

• None

Settings

• Allow task to be run on demand
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

Tcpip

IpAddressConflict1

This event is triggered when an IP address conflict is detected. Enabled by default.

Security Options

• Run as Users
• Run only when user is logged on
• Run with highest privileges

Triggers

• When event is raised in System log with source Tcpip and event ID 4198.

Actions

• %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem

Conditions

• Start the task only if the computer is on AC Power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested force it to stop
• If the task is already running do not start a new instance

IpAddressConflict2

This event is triggered when an IP address conflict is detected.

Security Options

• Run as Users
• Run only when user is logged on
• Run with highest privileges

Triggers

• When event is raised in System log with source Tcpip and event ID 4199.

Actions

• %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem

Conditions

• Start the task only if the computer is on AC power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

TextServicesFramework

MsCtfMonitor

TextServicesFramework monitor task. Enabled by default.

Security Options

• Run as Users
• Run only when user is logged on
• Hidden

Triggers

• At logon of any user

Actions

• Run custom action handler with CLSID {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1} which refers to %SystemRoot%\system32\MsCtfMonitor.dll

Conditions

• None

Settings

• Allow task to be run on demand

• If the running task does not end when requested, force it to stop

• If the running task is already running then start a new instance in parallel

Time Synchronization

SynchronizeTime

Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not
• Run with highest privileges

Triggers

• At 1:00 AM every Sunday

Actions

• %windir%\system32\sc.exe start w32time task_started

Conditions

• Start only if network connection is present

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If running task does not end when requested force it to stop
• If the task is already running do not start a new instance

UPnP

UPnPHostConfig

Set UPnPHost service to Auto-Start. Enabled by default, but no triggers configured.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• None

Actions

• Run sc.exe config upnphost start= auto

Conditions

• Start the task only if the computer is on AC Power
• Stop if the computer switches to battery power

Settings

• Allow task to be run on demand
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested force it to stop
• If the task is already running do not start a new instance

User Profile Service

HiveUploadTask

This task will automatically upload a roaming user profile’s registry hive to its network location.

Disabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not

Triggers

• Every 12 hours from 28/08/2007 12:00:00 AM with random delay of 1 hr

Actions

• Run custom action handler with CLSID {BA677074-762C-444B-94C8-8C83F93F6605} which refers to APPID {72E3272B-4EEA-4104-B358-1A282E4FC1AD} which refers to User Profile Service DCOM server (profsvc)

Conditions

• Start the task only if the computer is idle for 10 minutes, wait for idle for 2 hrs
• Start only if a network connection is present

Settings

• Allow task to be run on demand

• Run task as soon as possible after a scheduled start is missed

• If the task fails restart every 2 minutes up to 3 times

• Stop if the task runs longer than 3 days

• If the running task does not end when requested force it to stop

• If the task is already running do not start a new instance

WDI

ResolutionHost

The Windows Diagnostic Infrastructure Resolution host enables interactive resolutions for system problems detected by the Diagnostic Policy Service. It is triggered when necessary by the Diagnostic Policy Service in the appropriate user session. If the Diagnostic Policy Service is not running, the task will not run

Enabled by default, but no triggers configured.

Security Options

• Run as INTERACTIVE
• Run only when user is logged on
• Run with highest privileges
• Hidden

Triggers

• None

Actions

• Run Custom Action Handler with CLSID {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1} which refers to %SystemRoot%\System32\wdi.dll

Condition

• None

Settings

• Allow task to be run on demand
• If the running task does not end when requested force it to stop
• If the task is already running run a new instance in parallel

Windows Error Reporting

QueueReporting

Windows Error Reporting task to process queued reports. Enabled by default.

Security Options

• Run as Users
• Run only when user is logged on

Triggers

• At logon of any user, delay task for 13 minutes

Actions

• Start %windir%\system32\wermgr.exe -queuereporting

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running then run a new instance in parallel

Windows Filtering Platform

BfeOnServiceStartTypeChange

This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled.

Enabled by default.

Security Options

• Run as SYSTEM
• Run whether user is logged on or not
• Hidden

Triggers

• When event is raised in Service Control Manager log with System Event ID 7040 and Param4 is equal to BFE

Actions

• Run %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange

Conditions

• None

Settings

• Stop the task if it runs longer than 3 days
• If the task is already running then queue a new instance

Windows Media Sharing

UpdateLibrary

This task updates the cached list of folders and the security permissions on any new files in a user’s shared media library.

Enabled by default.

Security Options

• Run as AUTHENTICATED USERS
• Run only when user is logged on

Triggers

• When log Microsoft-Windows-WMPNSS-Service  has event ID 14210

Actions

• Run %ProgramFiles%\Windows Media Player\wmpnscfg.exe

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested force it to stop
• If the task is already running then run a new instance in parallel

WindowsBackup

ConfigNotification

This scheduled task notifies the user that Windows Backup has not been configured. Enabled by default.

Security Options

• Run as LOCAL SERVICE
• Run whether user is logged on or not

Triggers

• At 10:00 am every day

Actions

• Run %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION

Conditions

• None

Settings

• Allow task to be run on demand
• Run task as soon as possible after a scheduled start is missed
• Stop the task if it runs longer than 3 days
• If the running task does not end when requested, force it to stop
• If the task is already running do not start a new instance

WindowsColorSystem

Calibration Loader

This task applies colour calibration settings. Disabled by default.

Security Options

• Run as Users
• Run only when user is logged on

Triggers

• At logon of any user
• On connection to user session

Actions

• Run custom action handler with CLSID {B210D694-C8DF-490D-9576-9E20CDBC20BD} which refers to %SystemRoot%\System32\mscms.dll

Conditions

• None

Settings

• Allow task to be run on demand
• If the task is not scheduled to run again queue a new instance

THE END (Finally)