After the experience of disappearing desktop shortcuts as discussed in my previous blog Case of the Missing Desktop Shortcut Icons I decided it was a good idea to make sure there was nothing else unknown occurring in the background of my Windows 7 installation.
After reviewing the information in Task Scheduler here is what I’ve found. This is based on a domain joined Windows 7 Enterprise x64 SP1 installation. The settings presented here should be default, or close to it. I haven’t consciously changed anything from a default install.
The scheduled tasks here all reside under \Microsoft\Windows\ in Task Scheduler. Task Scheduler can be opened by typing Task Scheduler into Start Menu.
Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Automated)
Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.
By default this scheduled task is Disabled and will not run.
Security Options
- Runs as Everyone
- Only when user is logged in
Triggers
- Daily at 3:00 am with random delay up to 1 hr
- At logon of any user with delay of 1 hr
Conditions
- Only runs if network connection is present.
Settings
- Allow task to be run on demand
- Run task as soon as possible after scheduled start is missed
- Stop the task if it runs longer than 1 hour.
- If task is already running then run a new instance in parallel.
Actions
Custom handler. ClassID under context AllUsers:
{CF2CF428-325B-48D3-8CA8-7633E36E5A32}
Which refers to %systemroot%\system32\msdrm.dll
AD RMS Rights Policy Template Management (Manual)
Updates the AD RMS rights policy templates for the user. This job provides a credential prompt if authentication to the template distribution web service on the server fails.
By default this task is Enabled, but the automated triggers are disabled, so it will only run manually.
Security Options
- Everyone, only when user is logged in
Triggers
- At logon of any user (But this trigger is Disabled)
Conditions
- Start the task only if computer is on AC Power
- Stop if computer switches to battery power.
- Start only if network connection is available.
Settings
- Allow this task to be run on demand
- Run task as soon as possible after scheduled start is missed
- Stop the task if runs longer than an hour
- If the task is already running start a new instance in parallel.
AppID
PolicyConverter
Converts the software restriction policies policy from XML into binary format.
By default this task is Disabled.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or no
Triggers
- None
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested force it to stop
- If task is already running then queue a new instance.
Actions
- Start %windir%\system32\appidpolicyconverter.exe
VerifiedPublisherCertStoreCheck
Inspects the AppID certificate cache for invalid or revoked certificates.
By default this task is Disabled.
Triggers
- At startup
- Delay task for 30 minutes, repeat task every 1 day indefinitely.
Conditions
- Start task if computer is idle for 3 minutes
- Wait for idle for 23 hours
- Stop if the computer ceases to be idle
- Restart if the idle state resumes
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running then queue a new instance.
Actions
- Start %windir%\system32\appidcertstorecheck.exe
Application Experience
AitAgent
Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.
Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- Daily at 2:30 AM
Actions
- Start %systemroot%\system32\aitagent.exe
Conditions
- Start the task if computer is idle for 3 minutes
- Wait for idle for 22 hours
- Stop if the computer ceases to be idle
- Restart if the idle state resumes
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
ProgramDataUpdater
Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program
Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- At 12:30 AM every day
Actions
- Start %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
Conditions
- Start the task only if the computer is idle for 3 minutes
- Wait for idle for 23 hours
- Stop if the computer ceases to be idle
- Restart if the idle state resumes
- Start the task only if the computer is on AC Power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
Autochk
Proxy
This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.
This is enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
Triggers
- At startup
- Delay task for 30 minutes
Actions
- Start %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
Conditions
- Start the task only if the computer is idle for 10 minutes
- Wait for idle for 365 days
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance.
Bluetooth
UninstallDeviceTask
Uninstalls the PnP device associated with the specified Bluetooth service ID
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- None
Actions
- Start %windir%\system32\BthUdTask.exe $(Arg0)
Conditions
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop.
- If the task is already running run a new instance in parallel
CertificateServicesClient
SystemTask
Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.
Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- On an event – When System log has event with source Microsoft-Windows-GroupPolicy and ID 1502. (The Group Policy settings for the computer were processed successfully. New settings from x Group Policy objects were detected and applied.)
- When the task is created or modified
- At startup – delay task for 10 seconds, repeat every 8 hrs indefinitely
Actions
- Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
- Data SYSTEM
Conditions
- Start only if network connection is available
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails, restart ever 1 minute, up to 5 times
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
UserTask
Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.
Enabled by default.
Security Options
- Run as INTERACTIVE
- Run only when user logged on
Triggers
- On an event – When System log has event with source GroupPolicy and ID 1503. (The Group Policy settings for the user were processed successfully. New settings from x Group Policy objects were detected and applied.)
- When the task is created or modified
- At logon – repeat every 8 hrs indefinitely
Actions
- Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
- Data USER
Conditions
- Start only if network connection is available
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails, restart every 1 minute up to 5 times
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
UserTask-Roam
Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.
Disabled by default.
Security Options
- Run as INTERACTIVE
- Run only when user is logged on
Triggers
- On workstation lock of any user
- On workstation unlock of any user
Actions
- Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
- Data KEYROAMING
Conditions
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
- Start only if a network connection is available
Settings
- Allow task to be run on demand
- If the task fails, restart every 1 minute up to 5 times
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
Customer Experience Improvement Program
Consolidator
If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.
Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- One time – At 12:00 AM on 2/01/2004. After triggered repeat every 19 hrs indefinitely
Actions
- Start %SystemRoot%\System32\wsqmcons.exe
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
KernelCeipTask
The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft. If the user has not consented to participate in Windows CEIP, this task does nothing.
Enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
- Hidden (Note: Hidden Tasks are visible by default in Windows 7 Task Scheduler)
Triggers
- On a schedule – every Thursday at 3:30 am
Actions
- Custom Event Handler – CLSID {E7ED314F-2816-4C26-AEB5-54A34D02404C} which refers to %SystemRoot%\System32\kernelceip.dll
Conditions
- Start the task only if computer is idle for 3 minutes
- Wait for idle for 17 hours
- Start the task only if the computer is on AC power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails, retry every 45 minutes
- Attempt to restart up to 1 times
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new service.
UsbCeip
The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft. The information received is used to help improve the reliability, stability, and overall functionality of USB in Windows. If the user has not consented to participate in Windows CEIP, this task does not do anything.
Enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
- Hidden
Triggers
- At 1:30 AM every 3 days
Actions
- Run Custom Handler. CLSID {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
- Data SYSTEM
Conditions
- Start the task only if the computer is on AC Power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails, restart every 45 minutes, attempt restart up to 1 times
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
Defrag
ScheduledDefrag
This task defragments the computers hard disk drives. Enabled by default
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
- Run with highest privileges
Triggers
- Every Wednesday at 1:00 AM
- Randomly delay task for up to 2 hours
Actions
- Start %windir%\system32\defrag.exe –c (Perform the operation on all volumes)
Conditions
- Start the task only if the computer is idle for 3 minutes
- Wait for idle for 7 days
- Stop if the computer ceases to be idle
- Restart if the idle state resumes
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
Diagnosis
Scheduled
The Windows Scheduled Maintenance Task performs periodic maintenance of the computer system by fixing problems automatically or reporting them through the Action Center.
Enabled by default.
Security Options
- Run as INTERACTIVE
- Run only when user is logged on
- Run with highest privileges
- Hidden
Triggers
- Every Sunday at 1:00 am
Actions
- Run custom action. CLSID {C1F85EF8-BCC2-4606-BB39-70C523715EB3} which refers to %SystemRoot%\System32\sdiagschd.dll
Conditions
- Start the task only if the computer is idle for 10 minutes
- Wait for idle for 8 hours
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the task is already running, then stop the existing instance.
DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataCollector
The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
Disabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
- Hidden
Triggers
- Every two weeks on Sunday 1:00 am
Actions
- Start %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Conditions
- Start the task only if the computer is idle for 10 minutes
- Wait for idle for 1 hour
- Start the task only if the computer is on AC Power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
Microsoft-Windows-DiskDiagnosticResolver
The Microsoft-Windows-DiskDiagnosticResolver warns users about faults reported by hard disks that support the Self Monitoring and Reporting Technology (S.M.A.R.T.) standard. This task is triggered automatically by the Diagnostic Policy Service when a S.M.A.R.T. fault is detected.
Disabled by default.
Security Options
- Run as Users
- Run with highest privileges
- Hidden
Triggers
- At logon of any user
Actions
- Start %windir%\system32\DFDWiz.exe
Conditions
- None
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
Locations
Notifications
Location Activity. Enabled by default.
Security Options
- Run as Authenticated Users
- Run when users is logged on
Triggers
- On an event – when Application Log has event with source Location Activity and Event ID 1
Actions
- Start %windir%\System32\LocationNotifications.exe
Conditions
- None
Settings
- Allow task to be run on demand
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
Maintenance
WinSAT
Measures a system’s performance and capabilities
Security Options
- Run as Administrators
- Run only when the user is logged on
- Run with highest privileges
Triggers
- On idle
Actions
- Custom Handler. CLSID {A9A33436-678B-4C9C-A211-7CC38785E79D} which refers to %SystemRoot%\system32\WinSATAPI.dll
Conditions
- Start the task only if the computer is idle for 10 minutes
- Wait for idle for 1 hour
- Stop if the computer ceases to be idle
- Start the task only if the computer is on AC Power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
MemoryDiagnostic
CorruptionDetector
Task for launching the Memory Diagnostic. Enabled by default.
Security Options
- Run as Users
- Run only when user is logged on
- Hidden
Triggers
- On event – When event in System log is raised with source Application Popup and Event ID 1801
Actions
- Custom Action handler. CLSID {190BA3F6-0205-4F46-B589-95C6822899D2} which refers to %SystemRoot%\System32\memdiag.dll
- Data PageNotZero
Conditions
- None
Settings
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not run a new instance
DecompressionFailureDetector
Task for launching the Memory Diagnostic. Enabled by default.
Security Options
- Run as Users
- Run only when user is logged on
- Hidden
Triggers
- On an event – when log Microsoft-Windows-Kernel-StoreMgr/Operational has event raised with source Kernel-StoreMgr and Event ID 6.
Actions
- Custom Action handler. CLSID {190BA3F6-0205-4F46-B589-95C6822899D2} which refers to %SystemRoot%\System32\memdiag.dll
- Data Decompression
Conditions
- None
Settings
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
MobilePC
HotStart
Launches applications configured for Windows HotStart. Enabled by default.
Security Options
- Run as Authenticated Users
- Run only when user is logged on
Triggers
- At logon of any user
Actions
- Custom Action Handler. CLSID {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} which refers to %SystemRoot%\System32\HotStartUserAgent.dll
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the running task does not end when requested, force it to stop
- If the task is already running run a new instance in parallel
MUI
LPRemove
Launch language cleanup tool. Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- At system startup, delay task for 25 minutes.
Actions
- Run %windir%\system32\lpremove.exe
Conditions
- Start the task only if the computer is idle for 10 minutes
- Wait for idle for 1 hour
- Stop if the computer ceases to be idle
- Start the task only if the computer is on AC power
Settings
- Allow the task to be run on demand
- Stop the task if it runs longer than 9 hours
- If the task is already running do not start a new instance
Multimedia
SystemSoundsService
System Sounds User Mode Agent. Enabled by default.
Security Options
- Run as Users
- Run only when user is logged on
Triggers
- At logon of any user
Actions
- Run Custom Handler. CLSID {2DEA658F-54C1-4227-AF9B-260AB5FC3543}. Refers to %SystemRoot%\System32\PlaySndSrv.dll
Conditions
-
No conditions
Settings
- Allow task to be run on demand
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
NetTrace
GatherNetworkInfo
Network information collector. Task is enabled but no triggers configured.
Security Options
- Run as Users
- Run only when user is logged on
- Run with highest privileges
Triggers
- None
Actions
- Run %windir%\system32\gatherNetworkInfo.vbs
Conditions
- None
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running run a new instance in parallel
NetworkAccessProtection
- No events in this folder by default
Offline Files
Background Synchronization
This task controls periodic background synchronization of Offline Files when the user is working in an offline mode.
Disabled by default.
Security Options
- Run as Authenticated Users
- Run only when user is logged on
Triggers
- One time – at 12:00 AM on 1/01/2008
- Delay task randomly up to 1 hour
- Repeat task every 6 hours indefinitely
Actions
- Run custom action handler. CLSID {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} Refers to %SystemRoot%\System32\cscui.dll
Conditions
- Start only if network connection is available
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 1 day
- If the running task does not end when requested, force it to stop
- If the task is already running then do not start a new instance.
Logon Synchronization
This task initiates synchronization of Offline Files when a user logs onto the system.
Disabled by default.
Security Options
- Run as Authenticated Users
- Run only when user is logged on
Triggers
- At logon of any user
Actions
- Custom Event Handler with CLSID {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} with data Logon. Refers to %SystemRoot%\System32\cscui.dll
Conditions
- Start the task only if the computer is on AC power
- Stop if the computer switches to the battery power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 1 day
- If running task does not end when requested force it to stop
- If the task is already running do not start a new instance
PerfTrack
BackgroundConfigSurveyor
Performance Tracing Idle Task: Background configuration surveyor. Disabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
- Hidden
Triggers
- When computer is idle
- At 3:00 AM every day
Actions
- Custom Action Handler with CLSID {EA9155A3-8A39-40B4-8963-D3C761B18371} which refers to C:\Windows\System32\perftrack.dll
Conditions
- Start the task only if the computer is on AC Power
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the task is already running do not start a new instance
PLA\System
No tasks defined under this folder by default.
Power Efficiency Diagnostics
AnalyzeSystem
This job analyzes the system looking for conditions that may cause high energy use. Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- Runs at 6:00 AM every 14 days
- Randomly delay task for up to 8 hrs
Actions
- Start %SystemRoot%\System32\powercfg.exe -energy -auto
Conditions
- Start the task only if computer is idle for 5 minutes
- Wait for idle for 2 hours
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 5 minutes
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
RAC
RacTask
Microsoft Reliability Analysis task to process system reliability data. Enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
- Hidden
Triggers
- When an event in Application log is raised with source Customer Experience Improvement Program and event ID 1007
- On a schedule starting 31/03/2008 11:00 am. Delay task randomly up to 15 minutes, repeat every 1 hour indefinitely
Actions
- Custom Event Handler with CLSID {42060D27-CA53-41F5-96E4-B1E8169308A6} and data $(Arg0) Refers to %systemroot%\system32\RacEngn.dll
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the running task does not end when requested force it to stop
- If the task is already running do not start a new instance
Ras
MobilityManager
Provides support for the switching of mobility enabled VPN connections if their underlying interface goes down.
Enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
Triggers
- When an event is raised in Application log with provider name RasClient and level is 4 or 0 and Event ID is 20281
Actions
- Custom Event Handler with CLSID {C463A0FC-794F-4FDF-9201-01938CEACAFA} which refers to %systemroot%\system32\rasmbmgr.dll
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
Registry
RegIdleBackup
Registry Idle Backup Task. Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
- Hidden
Triggers
- Every 10 days at 12:00 am, randomly delay start by up to 1 hr
Actions
- Custom Action Handler with CLSID {CA767AA8-9157-4604-B64B-40747123D5F2} which refers to %SystemRoot%\System32\regidle.dll
Conditions
- Start the task only if the computer is idle for 3 minutes
- Wait for idle for 23 hours
- Stop if the computer ceases to be idle
- Restart if the idle state resumes
Settings
- Run task as soon as possible after a scheduled start is missed
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
RemoteApp and Desktop Connections Update
This folder is empty by default.
RemoteAssistance
RemoteAssistanceTask
Checks group policy for changes relevant to Remote Assistance
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
- Run with highest privileges
- Hidden
Triggers
- When event in System log is raised with source GroupPolicy and event ID 1502, delay task for 15 seconds
- When task is created or modified
Actions
- Run %windir%\system32\RAServer.exe /offerraupdate
Conditions
- None
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested force it to stop
- If the task is already running then queue a new instance
Shell
WindowsParentalControls
Notifications for actions taken by Windows Parental Controls.
Security Options
- Run as AUTHENTICATED USERS
- Run only when user is logged on
- Hidden
Triggers
- At logon of any user, delay task for 1 second
Actions
- Run Custom Event Handler with CLSID {DFA14C43-F385-4170-99CC-1B7765FA0E4A} which refers to C:\Windows\System32\wpcumi.dll
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails restart every 1 minute
- Attempt to restart up to 5 times
- If the running task does not end when requested force it to stop
- If the task is already running run a new instance in parallel
WindowsParentalControlsMigration
Migration for Windows Parental Controls. Disabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
- Run with highest privileges
- Hidden
Triggers
- At logon of any user, delay for 1 second
Actions
- Run Custom Action Handler with CLSID {343D770D-7788-47C2-B62A-B7C4CED925CB} which refers to C:\Windows\System32\wpcmig.dll
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails restart every 1 minute
- Attempt to restart up to 1 time
- If the running task does not end when requested force it to stop
- If the task is already running run a new instance in parallel
SideShow
AutoWake
This task automatically wakes the computer and then puts it to sleep when automatic wake is turned on for a Windows SideShow-compatible device.
Disabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
Triggers
- At the logon of any user, delay for 1 minute
Actions
- Run custom action handler with CLSID {E51DFD48-AA36-4B45-BB52-E831F02E8316} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll
Conditions
- None
Settings
- Allow task to be run on demand
- If the running task does not end when requested force it to stop
- If the task is already running then do not start a new instance
GadgetManager
This task manages and synchronizes metadata for the installed gadgets on a Windows SideShow-compatible device.
Enabled by default, but trigger is disabled.
Security Options
- Run as Users
- Run only when user is logged on
Triggers
- At logon of any user
Actions
- Run Custom Action Handler with CLSID {FF87090D-4A9A-4F47-879B-29A80C355D61} with data $(Arg0) Refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll
Conditions
- None
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested force it to stop
- If the task is already running then queue a new instance
SessionAgent
This task manages the session behavior when multiple user accounts exist on a Windows SideShow-compatible device.
Disabled by default.
Security Options
- Run as Users
- Run only when user is logged on
Triggers
- At logon of any user, delay for 15 seconds
Actions
- Run Custom Action Handler with CLSID {45F26E9E-6199-477F-85DA-AF1EDFE067B1} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll
Conditions
- None
Settings
- Allow task to be run on demand
- If the running task does not end when requested force it to stop
- If the task is already running run a new instance in parallel
SystemDataProviders
This task provides system data for the clock, power source, wireless network strength, and volume on a Windows SideShow-compatible device.
Disabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
Triggers
- At log on of any user, delay task for 30 seconds
Actions
- Run custom action handler with CLSID {7CCA6768-8373-4D28-8876-83E8B4E3A969} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll
Conditions
- None
Settings
- Allow task to be run on demand
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
SoftwareProtectionPlatform
SvcRestartTask
This task restarts the Software Protection Platform service at the specified time. Enabled by default.
Security Options
- Run as NETWORK SERVICE
- Run whether user is logged on or not
- Hidden
Triggers
- At 12:37:31 PM every day
Actions
- Run sc.exe start sppsvc
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- If the task fails restart every 1 minute, retry up to 3 times
- If the task is already running then do not start a new instance
SyncCenter
No tasks by default.
SystemRestore
SR
This task creates regular system protection points. Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- At 12:00 AM every day
- At system startup, delay up to 30 minutes
Actions
- Start %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Conditions
- Start the task only if the computer is idle for 10 minutes
- Wait for idle for 23 hours
- Start the task only if the computer is on AC Power
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- IF the running task does not end when requested force it to stop
- If the task is already running then do not start a new instance
Task Manager
Interactive
Runs a task as the interactive user. Enabled by default.
Security Options
- Run as INTERACTIVE
- Run only when user is logged on
- Hidden
Triggers
- No triggers
Actions
- Run Custom Action Handler with CLSID {855FEC53-D2E4-4999-9E87-3414E9CF0FF4} which refers to %SystemRoot%\system32\wdc.dll
Conditions
- None
Settings
- Allow task to be run on demand
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
Tcpip
IpAddressConflict1
This event is triggered when an IP address conflict is detected. Enabled by default.
Security Options
- Run as Users
- Run only when user is logged on
- Run with highest privileges
Triggers
- When event is raised in System log with source Tcpip and event ID 4198.
Actions
- %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Conditions
- Start the task only if the computer is on AC Power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested force it to stop
- If the task is already running do not start a new instance
IpAddressConflict2
This event is triggered when an IP address conflict is detected.
Security Options
- Run as Users
- Run only when user is logged on
- Run with highest privileges
Triggers
- When event is raised in System log with source Tcpip and event ID 4199.
Actions
- %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Conditions
- Start the task only if the computer is on AC power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
TextServicesFramework
MsCtfMonitor
TextServicesFramework monitor task. Enabled by default.
Security Options
- Run as Users
- Run only when user is logged on
- Hidden
Triggers
- At logon of any user
Actions
- Run custom action handler with CLSID {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1} which refers to %SystemRoot%\system32\MsCtfMonitor.dll
Conditions
- None
Settings
-
Allow task to be run on demand
-
If the running task does not end when requested, force it to stop
-
If the running task is already running then start a new instance in parallel
Time Synchronization
SynchronizeTime
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
- Run with highest privileges
Triggers
- At 1:00 AM every Sunday
Actions
- %windir%\system32\sc.exe start w32time task_started
Conditions
- Start only if network connection is present
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If running task does not end when requested force it to stop
- If the task is already running do not start a new instance
UPnP
UPnPHostConfig
Set UPnPHost service to Auto-Start. Enabled by default, but no triggers configured.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- None
Actions
- Run sc.exe config upnphost start= auto
Conditions
- Start the task only if the computer is on AC Power
- Stop if the computer switches to battery power
Settings
- Allow task to be run on demand
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested force it to stop
- If the task is already running do not start a new instance
User Profile Service
HiveUploadTask
This task will automatically upload a roaming user profile’s registry hive to its network location.
Disabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
Triggers
- Every 12 hours from 28/08/2007 12:00:00 AM with random delay of 1 hr
Actions
- Run custom action handler with CLSID {BA677074-762C-444B-94C8-8C83F93F6605} which refers to APPID {72E3272B-4EEA-4104-B358-1A282E4FC1AD} which refers to User Profile Service DCOM server (profsvc)
Conditions
- Start the task only if the computer is idle for 10 minutes, wait for idle for 2 hrs
- Start only if a network connection is present
Settings
-
Allow task to be run on demand
-
Run task as soon as possible after a scheduled start is missed
-
If the task fails restart every 2 minutes up to 3 times
-
Stop if the task runs longer than 3 days
-
If the running task does not end when requested force it to stop
-
If the task is already running do not start a new instance
WDI
ResolutionHost
The Windows Diagnostic Infrastructure Resolution host enables interactive resolutions for system problems detected by the Diagnostic Policy Service. It is triggered when necessary by the Diagnostic Policy Service in the appropriate user session. If the Diagnostic Policy Service is not running, the task will not run
Enabled by default, but no triggers configured.
Security Options
- Run as INTERACTIVE
- Run only when user is logged on
- Run with highest privileges
- Hidden
Triggers
- None
Actions
- Run Custom Action Handler with CLSID {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1} which refers to %SystemRoot%\System32\wdi.dll
Condition
- None
Settings
- Allow task to be run on demand
- If the running task does not end when requested force it to stop
- If the task is already running run a new instance in parallel
Windows Error Reporting
QueueReporting
Windows Error Reporting task to process queued reports. Enabled by default.
Security Options
- Run as Users
- Run only when user is logged on
Triggers
- At logon of any user, delay task for 13 minutes
Actions
- Start %windir%\system32\wermgr.exe -queuereporting
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running then run a new instance in parallel
Windows Filtering Platform
BfeOnServiceStartTypeChange
This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled.
Enabled by default.
Security Options
- Run as SYSTEM
- Run whether user is logged on or not
- Hidden
Triggers
- When event is raised in Service Control Manager log with System Event ID 7040 and Param4 is equal to BFE
Actions
- Run %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Conditions
- None
Settings
- Stop the task if it runs longer than 3 days
- If the task is already running then queue a new instance
Windows Media Sharing
UpdateLibrary
This task updates the cached list of folders and the security permissions on any new files in a user’s shared media library.
Enabled by default.
Security Options
- Run as AUTHENTICATED USERS
- Run only when user is logged on
Triggers
- When log Microsoft-Windows-WMPNSS-Service has event ID 14210
Actions
- Run %ProgramFiles%\Windows Media Player\wmpnscfg.exe
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested force it to stop
- If the task is already running then run a new instance in parallel
WindowsBackup
ConfigNotification
This scheduled task notifies the user that Windows Backup has not been configured. Enabled by default.
Security Options
- Run as LOCAL SERVICE
- Run whether user is logged on or not
Triggers
- At 10:00 am every day
Actions
- Run %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
Conditions
- None
Settings
- Allow task to be run on demand
- Run task as soon as possible after a scheduled start is missed
- Stop the task if it runs longer than 3 days
- If the running task does not end when requested, force it to stop
- If the task is already running do not start a new instance
WindowsColorSystem
Calibration Loader
This task applies colour calibration settings. Disabled by default.
Security Options
- Run as Users
- Run only when user is logged on
Triggers
- At logon of any user
- On connection to user session
Actions
- Run custom action handler with CLSID {B210D694-C8DF-490D-9576-9E20CDBC20BD} which refers to %SystemRoot%\System32\mscms.dll
Conditions
- None
Settings
- Allow task to be run on demand
- If the task is not scheduled to run again queue a new instance
Lots of info here. Thanks for taking the time to write this all up!
Great post. Auslogics defrag task corrupted Sched Tasks in my ex’s machine and lost all properties. With this I can rebuild. Thanks much for the good and time consuming work.
Curt
Excellent Info.. Thank you very much !! I messed up a couple of settings and I was able to reset them based on this info. I really appreciate you taking the time to do this !! TS
Brilliant well done.
Thanks a million for this!
Great information. Thank you very much
Thank you for making this available.
Thank you so much. I saw my tasks had been wrongly configured by the vendor yet had no idea how to solve the problems. Your post is very important and helpful for me. Thank You Again!. Lisa
I was looking for help online when I came upon this great site with very valuable information. Thank you so much.The Task Scheduler suddenly got the error message: “The selected task “{0}” no longer exists.” The problem seems to be in the AppID folder where PolicyConverter is missing. I would like to recreate this task using your options but cannot create a new task in that folder. Nothing happens when clicking on AppID although I have no problem creating a new task in any other folder. Any help or suggestion would be very appreciated.Thanks in advance.
did you try closing all instances of task scheduler (i.e. mmc.exe) then, launch an elevated cmd prompt, then launch taskschd.msc. If you right click AppID, and it doesn’t work, what do you see?
Task Scheduler includes quite a few folders. Is there a way to close them all together temporarily so that I should be able to try your suggestion?
If I click on AppID I get that error message “The selected task “{0}” no longer exists.” When I click on OK and then press AppID I only see VerifiedPublisherCertStoreCheck . Then when I right click it again I can see the options, creat basic task, creat task, import task, etc. But when clicking on Create Task to create PolicyConverter nothing happens (it doesn’t open that screen with the fields to enter the task) but freezes Task Scheduler altogether. After which I can’t create at task in any other folder either until I restart Task Scheduler.
I would…select your missing task on a working machine, and use “Export…” option in task schd (you will have to select each task in AppID and export it) Then on your broken machine you may have to re-create folder — right click “Windows” and select New Folder, and create AppID folder. Then select AppID folder and use import folder to import the tasks. You can also use schtasks.exe from command line (schktasks /? )
I did as per your suggestion and it worked but then got this error message on other folders. I found that SystemRestore was the culprit and I was unable to import the xml file to this folder. I renamed this file in C:\Windows\System32\Tasks\Microsoft\Windows to XSystemRestore and the error message doesn’t come up anymore. I created a new System Restore in the Task Scheduler Library and everything is fine now. Thank you very much.
Hi. I need help with the following. My computer restarts everyday at the same time–whether I want it or not. Which one of the options above should I change to stop the restarting?
Hi, fabulous post – great work.
Having all of the above information, is there a way to created a reg file or task scheduler file that will recreate all of the default tasks?
Thanks again.
Wow, You are the Man! What an awesome thing you’ve done here. Thank you so much.
Hi
All the information here is a Copy/Paste version of what’s already available in the Task Scheduler pages. I regret I wasted 5 minutes of my life on this website.
Kind regards
Not all the info presented here is available in the task schedule page, it needs to be worked out from the registry or directly viewing the XML of the task schedule config.
well, @hole, the whole point in presenting this page is to check if ALL is there, as a reference. OP did a great job and i could actually fix 2 tasks missing, removed by a trojan.
is there something like this for Windows 10?