Windows 7 Default Scheduled Tasks–Complete Overview

After the experience of disappearing desktop shortcuts as discussed in my previous blog Case of the Missing Desktop Shortcut Icons I decided it was a good idea to make sure there was nothing else unknown occurring in the background of my Windows 7 installation.

After reviewing the information in Task Scheduler here is what I’ve found. This is based on  a domain joined Windows 7 Enterprise x64 SP1 installation. The settings presented here should be default, or close to it. I haven’t consciously changed anything from a default install.

The scheduled tasks here all reside under \Microsoft\Windows\ in Task Scheduler. Task Scheduler can be opened by typing Task Scheduler into Start Menu.

image

 

Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Automated)

Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.

By default this scheduled task is Disabled and will not run.

Security Options

  • Runs as Everyone
  • Only when user is logged in

Triggers

  • Daily at 3:00 am with random delay up to 1 hr
  • At logon of any user with delay of 1 hr

Conditions

  • Only runs if network connection is present.

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after scheduled start is missed
  • Stop the task if it runs longer than 1 hour.
  • If task is already running then run a new instance in parallel.

Actions

Custom handler. ClassID under context AllUsers:

{CF2CF428-325B-48D3-8CA8-7633E36E5A32}

Which refers to %systemroot%\system32\msdrm.dll

AD RMS Rights Policy Template Management (Manual)

Updates the AD RMS rights policy templates for the user. This job provides a credential prompt if authentication to the template distribution web service on the server fails.

By default this task is Enabled, but the automated triggers are disabled, so it will only run manually.

Security Options

  • Everyone, only when user is logged in

Triggers

  • At logon of any user (But this trigger is Disabled)

Conditions

  • Start the task only if computer is on AC Power
  • Stop if computer switches to battery power.
  • Start only if network connection is available.

Settings

  • Allow this task to be run on demand
  • Run task as soon as possible after scheduled start is missed
  • Stop the task if runs longer than an hour
  • If the task is already running start a new instance in parallel.

AppID

PolicyConverter

Converts the software restriction policies policy from XML into binary format.

By default this task is Disabled.

Security Options

  • Run as LOCAL SERVICE
  • Run whether user is logged on or no

Triggers

  • None

Conditions

  • None

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested force it to stop
  • If task is already running then queue a new instance.

Actions

  • Start %windir%\system32\appidpolicyconverter.exe

VerifiedPublisherCertStoreCheck

Inspects the AppID certificate cache for invalid or revoked certificates.

By default this task is Disabled.

Triggers

  • At startup
  • Delay task for 30 minutes, repeat task every 1 day indefinitely.

Conditions

  • Start task if computer is idle for 3 minutes
  • Wait for idle for 23 hours
  • Stop if the computer ceases to be idle
  • Restart if the idle state resumes
  • Start the task only if the computer is on AC power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running then queue a new instance.

Actions

  • Start %windir%\system32\appidcertstorecheck.exe

Application Experience

AitAgent

Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.

Enabled by default.

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not

Triggers

  • Daily at 2:30 AM

Actions

  • Start %systemroot%\system32\aitagent.exe

Conditions

  • Start the task if computer is idle for 3 minutes
  • Wait for idle for 22 hours
  • Stop if the computer ceases to be idle
  • Restart if the idle state resumes
  • Start the task only if the computer is on AC power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance

ProgramDataUpdater

Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program

Enabled by default.

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not

Triggers

  • At 12:30 AM every day

Actions

  • Start %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate

Conditions

  • Start the task only if the computer is idle for 3 minutes
  • Wait for idle for 23 hours
  • Stop if the computer ceases to be idle
  • Restart if the idle state resumes
  • Start the task only if the computer is on AC Power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance

Autochk

Proxy

This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.

This is enabled by default.

Security Options

  • Run as LOCAL SERVICE
  • Run whether user is logged on or not

Triggers

  • At startup
  • Delay task for 30 minutes

Actions

  • Start %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations

Conditions

  • Start the task only if the computer is idle for 10 minutes
  • Wait for idle for 365 days

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance.

Bluetooth

UninstallDeviceTask

Uninstalls the PnP device associated with the specified Bluetooth service ID

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not

Triggers

  • None

Actions

  • Start %windir%\system32\BthUdTask.exe $(Arg0)

Conditions

  • Start the task only if the computer is on AC power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop.
  • If the task is already running run a new instance in parallel

CertificateServicesClient

SystemTask

Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.

Enabled by default.

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not

Triggers

  • On an event – When System log has event with source Microsoft-Windows-GroupPolicy and ID 1502. (The Group Policy settings for the computer were processed successfully. New settings from x Group Policy objects were detected and applied.)
  • When the task is created or modified
  • At startup – delay task for 10 seconds, repeat every 8 hrs indefinitely

Actions

  • Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
  • Data SYSTEM

Conditions

  • Start only if network connection is available

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • If the task fails, restart ever 1 minute, up to 5 times
  • If the running task does not end when requested, force it to stop
  • If the task is already running then run a new instance in parallel

UserTask

Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.

Enabled by default.

Security Options

  • Run as INTERACTIVE
  • Run only when user logged on

Triggers

  • On an event – When System log has event with source GroupPolicy and ID 1503. (The Group Policy settings for the user were processed successfully. New settings from x Group Policy objects were detected and applied.)
  • When the task is created or modified
  • At logon – repeat every 8 hrs indefinitely

Actions

  • Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
  • Data USER

Conditions

  • Start only if network connection is available

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • If the task fails, restart every 1 minute up to 5 times
  • If the running task does not end when requested, force it to stop
  • If the task is already running then run a new instance in parallel

UserTask-Roam

Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.

Disabled by default.

Security Options

  • Run as INTERACTIVE
  • Run only when user is logged on

Triggers

  • On workstation lock of any user
  • On workstation unlock of any user

Actions

  • Custom Event Handler – CLSID {58FB76B9-AC85-4E55-AC04-427593B1D060} refers to %systemroot%\system32\dimsjob.dll
  • Data KEYROAMING

Conditions

  • Start the task only if the computer is on AC power
  • Stop if the computer switches to battery power
  • Start only if a network connection is available

Settings

  • Allow task to be run on demand
  • If the task fails, restart every 1 minute up to 5 times
  • If the running task does not end when requested, force it to stop
  • If the task is already running then run a new instance in parallel

Customer Experience Improvement Program

Consolidator

If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.

Enabled by default.

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not

Triggers

  • One time – At 12:00 AM on 2/01/2004. After triggered repeat every 19 hrs indefinitely

Actions

  • Start %SystemRoot%\System32\wsqmcons.exe

Conditions

  • None

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance

KernelCeipTask

The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft.  If the user has not consented to participate in Windows CEIP, this task does nothing.

Enabled by default.

Security Options

  • Run as LOCAL SERVICE
  • Run whether user is logged on or not
  • Hidden (Note: Hidden Tasks are visible by default in Windows 7 Task Scheduler)

Triggers

  • On a schedule – every Thursday at 3:30 am

Actions

  • Custom Event Handler –  CLSID {E7ED314F-2816-4C26-AEB5-54A34D02404C} which refers to %SystemRoot%\System32\kernelceip.dll

Conditions

  • Start the task only if computer is idle for 3 minutes
  • Wait for idle for 17 hours
  • Start the task only if the computer is on AC power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • If the task fails, retry every 45 minutes
  • Attempt to restart up to 1 times
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new service.

UsbCeip

The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft.  The information received is used to help improve the reliability, stability, and overall functionality of USB in Windows.  If the user has not consented to participate in Windows CEIP, this task does not do anything.

Enabled by default.

Security Options

  • Run as LOCAL SERVICE
  • Run whether user is logged on or not
  • Hidden

Triggers

  • At 1:30 AM every 3 days

Actions

  • Run Custom Handler. CLSID {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
  • Data SYSTEM

Conditions

  • Start the task only if the computer is on AC Power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • If the task fails, restart every 45 minutes, attempt restart up to 1 times
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop

Defrag

ScheduledDefrag

This task defragments the computers hard disk drives. Enabled by default

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not
  • Run with highest privileges

Triggers

  • Every Wednesday at 1:00 AM
  • Randomly delay task for up to 2 hours

Actions

  • Start %windir%\system32\defrag.exe –c (Perform the operation on all volumes)

Conditions

  • Start the task only if the computer is idle for 3 minutes
  • Wait for idle for 7 days
  • Stop if the computer ceases to be idle
  • Restart if the idle state resumes
  • Start the task only if the computer is on AC power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop

Diagnosis

Scheduled

The Windows Scheduled Maintenance Task performs periodic maintenance of the computer system by fixing problems automatically or reporting them through the Action Center.

Enabled by default.

Security Options

  • Run as INTERACTIVE
  • Run only when user is logged on
  • Run with highest privileges
  • Hidden

Triggers

  • Every Sunday at 1:00 am

Actions

  • Run custom action. CLSID {C1F85EF8-BCC2-4606-BB39-70C523715EB3} which refers to %SystemRoot%\System32\sdiagschd.dll

Conditions

  • Start the task only if the computer is idle for 10 minutes
  • Wait for idle for 8 hours
  • Start the task only if the computer is on AC power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the task is already running, then stop the existing instance.

DiskDiagnostic

Microsoft-Windows-DiskDiagnosticDataCollector

The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.

Disabled by default.

Security Options

  • Run as SYSTEM
  • Run whether user is logged on or not
  • Hidden

Triggers

  • Every two weeks on Sunday 1:00 am

Actions

  • Start %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART

Conditions

  • Start the task only if the computer is idle for 10 minutes
  • Wait for idle for 1 hour
  • Start the task only if the computer is on AC Power

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance

Microsoft-Windows-DiskDiagnosticResolver

The Microsoft-Windows-DiskDiagnosticResolver warns users about faults reported by hard disks that support the Self Monitoring and Reporting Technology (S.M.A.R.T.) standard. This task is triggered automatically by the Diagnostic Policy Service when a S.M.A.R.T. fault is detected.

Disabled by default.

Security Options

  • Run as Users
  • Run with highest privileges
  • Hidden

Triggers

  • At logon of any user

Actions

  • Start %windir%\system32\DFDWiz.exe

Conditions

  • None

Settings

  • Allow task to be run on demand
  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running then run a new instance in parallel

Locations

Notifications

Location Activity. Enabled by default.

Security Options

  • Run as Authenticated Users
  • Run when users is logged on

Triggers

  • On an event – when Application Log has event with source Location Activity and Event ID 1

Actions

  • Start %windir%\System32\LocationNotifications.exe

Conditions

  • None

Settings

  • Allow task to be run on demand
  • If the running task does not end when requested, force it to stop
  • If the task is already running then run a new instance in parallel

Maintenance

WinSAT

Measures a system’s performance and capabilities

Security Options

  • Run as Administrators
  • Run only when the user is logged on
  • Run with highest privileges

Triggers

  • On idle

Actions

  • Custom Handler. CLSID {A9A33436-678B-4C9C-A211-7CC38785E79D} which refers to %SystemRoot%\system32\WinSATAPI.dll

Conditions

  • Start the task only if the computer is idle for 10 minutes
  • Wait for idle for 1 hour
  • Stop if the computer ceases to be idle
  • Start the task only if the computer is on AC Power
  • Stop if the computer switches to battery power

Settings

  • Allow task to be run on demand
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance

MemoryDiagnostic

CorruptionDetector

Task for launching the Memory Diagnostic. Enabled by default.

Security Options

  • Run as Users
  • Run only when user is logged on
  • Hidden

Triggers

  • On event – When event in System log is raised with source Application Popup and Event ID 1801

Actions

  • Custom Action handler. CLSID {190BA3F6-0205-4F46-B589-95C6822899D2} which refers to %SystemRoot%\System32\memdiag.dll
  • Data PageNotZero

Conditions

  • None

Settings

  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not run a new instance

DecompressionFailureDetector

Task for launching the Memory Diagnostic. Enabled by default.

Security Options

  • Run as Users
  • Run only when user is logged on
  • Hidden

Triggers

  • On an event – when log Microsoft-Windows-Kernel-StoreMgr/Operational has event raised with source Kernel-StoreMgr and Event ID 6.

Actions

  • Custom Action handler. CLSID {190BA3F6-0205-4F46-B589-95C6822899D2} which refers to %SystemRoot%\System32\memdiag.dll
  • Data Decompression

Conditions

  • None

Settings

  • Stop the task if it runs longer than 3 days
  • If the running task does not end when requested, force it to stop
  • If the task is already running do not start a new instance

MobilePC

HotStart

Launches applications configured for Windows HotStart. Enabled by default.

Security Options

  • Run as Authenticated Users 
  • Run only when user is logged on

Triggers

  • At logon of any user

Actions

  • Custom Action Handler. CLSID {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} which refers to %SystemRoot%\System32\HotStartUserAgent.dll

Conditions

  • None

Settings

  • Allow task to be run on demand
  • Run task as soon as possible after a scheduled start is missed
  • If the running task does not end when requested, force it to stop
  • If the task is already running run a new instance in parallel

    MUI

    LPRemove

    Launch language cleanup tool. Enabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not

    Triggers

    • At system startup, delay task for 25 minutes.

    Actions

    • Run %windir%\system32\lpremove.exe

    Conditions

    • Start the task only if the computer is idle for 10 minutes
    • Wait for idle for 1 hour
    • Stop if the computer ceases to be idle
    • Start the task only if the computer is on AC power

    Settings

    • Allow the task to be run on demand
    • Stop the task if it runs longer than 9 hours
    • If the task is already running do not start a new instance

    Multimedia

    SystemSoundsService

    System Sounds User Mode Agent. Enabled by default.

    Security Options

    • Run as Users
    • Run only when user is logged on

    Triggers

    • At logon of any user

    Actions

    • Run Custom Handler. CLSID {2DEA658F-54C1-4227-AF9B-260AB5FC3543}. Refers to %SystemRoot%\System32\PlaySndSrv.dll

    Conditions

    • No conditions

    Settings

    • Allow task to be run on demand
    • If the running task does not end when requested, force it to stop
    • If the task is already running then run a new instance in parallel

    NetTrace

    GatherNetworkInfo

    Network information collector. Task is enabled but no triggers configured.

    Security Options

    • Run as Users
    • Run only when user is logged on
    • Run with highest privileges

    Triggers

    • None

    Actions

    • Run %windir%\system32\gatherNetworkInfo.vbs

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested, force it to stop
    • If the task is already running run a new instance in parallel

    NetworkAccessProtection

    • No events in this folder by default

    Offline Files

    Background Synchronization

    This task controls periodic background synchronization of Offline Files when the user is working in an offline mode.

    Disabled by default.

    Security Options

    • Run as Authenticated Users
    • Run only when user is logged on

    Triggers

    • One time – at 12:00 AM on 1/01/2008
    • Delay task randomly up to 1 hour
    • Repeat task every 6 hours indefinitely

    Actions

    • Run custom action handler. CLSID {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} Refers to %SystemRoot%\System32\cscui.dll

    Conditions

    • Start only if network connection is available

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 1 day
    • If the running task does not end when requested, force it to stop
    • If the task is already running then do not start a new instance.

    Logon Synchronization

    This task initiates synchronization of Offline Files when a user logs onto the system.

    Disabled by default.

    Security Options

    • Run as Authenticated Users
    • Run only when user is logged on

    Triggers

    • At logon of any user

    Actions

    • Custom Event Handler with CLSID {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} with data Logon. Refers to %SystemRoot%\System32\cscui.dll

    Conditions

    • Start the task only if the computer is on AC power
    • Stop if the computer switches to the battery power

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 1 day
    • If running task does not end when requested force it to stop
    • If the task is already running do not start a new instance

    PerfTrack

    BackgroundConfigSurveyor

    Performance Tracing Idle Task: Background configuration surveyor. Disabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not
    • Hidden

    Triggers

    • When computer is idle
    • At 3:00 AM every day

    Actions

    • Custom Action Handler with CLSID {EA9155A3-8A39-40B4-8963-D3C761B18371} which refers to C:\Windows\System32\perftrack.dll

    Conditions

    • Start the task only if the computer is on AC Power

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the task is already running do not start a new instance

    PLA\System

    No tasks defined under this folder by default.

    Power Efficiency Diagnostics

    AnalyzeSystem

    This job analyzes the system looking for conditions that may cause high energy use. Enabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not

    Triggers

    • Runs at 6:00 AM every 14 days
    • Randomly delay task for up to 8 hrs

    Actions

    • Start %SystemRoot%\System32\powercfg.exe -energy -auto

    Conditions

    • Start the task only if computer is idle for 5 minutes
    • Wait for idle for 2 hours

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 5 minutes
    • If the running task does not end when requested, force it to stop
    • If  the task is already running do not start a new instance

    RAC

    RacTask

    Microsoft Reliability Analysis task to process system reliability data. Enabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not
    • Hidden

    Triggers

    • When an event in Application log is raised with source Customer Experience Improvement Program and event ID 1007
    • On a schedule starting 31/03/2008 11:00 am. Delay task randomly up to 15 minutes, repeat every 1 hour indefinitely

    Actions

    • Custom Event Handler with CLSID {42060D27-CA53-41F5-96E4-B1E8169308A6} and data $(Arg0) Refers to %systemroot%\system32\RacEngn.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • If the running task does not end when requested force it to stop
    • If the task is already running do not start a new instance

    Ras

    MobilityManager

    Provides support for the switching of mobility enabled VPN connections if their underlying interface goes down.

    Enabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not

    Triggers

    • When an event is raised in Application log with provider name RasClient and level is 4 or 0 and Event ID is 20281

    Actions

    • Custom Event Handler with CLSID {C463A0FC-794F-4FDF-9201-01938CEACAFA} which refers to %systemroot%\system32\rasmbmgr.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested, force it to stop
    • If the task is already running then run a new instance in parallel

    Registry

    RegIdleBackup

    Registry Idle Backup Task. Enabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not
    • Hidden

    Triggers

    • Every 10 days at 12:00 am, randomly delay start by up to 1 hr

    Actions

    • Custom Action Handler with CLSID {CA767AA8-9157-4604-B64B-40747123D5F2} which refers to %SystemRoot%\System32\regidle.dll

    Conditions

    • Start the task only if the computer is idle for 3 minutes
    • Wait for idle for 23 hours
    • Stop if the computer ceases to be idle
    • Restart if the idle state resumes

    Settings

    • Run task as soon as possible after a scheduled start is missed
    • If the running task does not end when requested, force it to stop
    • If the task is already running do not start a new instance

    RemoteApp and Desktop Connections Update

    This folder is empty by default.

    RemoteAssistance

    RemoteAssistanceTask

    Checks group policy for changes relevant to Remote Assistance

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not
    • Run with highest privileges
    • Hidden

    Triggers

    • When event in System log is raised with source GroupPolicy and event ID 1502, delay task for 15 seconds
    • When task is created or modified

    Actions

    • Run %windir%\system32\RAServer.exe /offerraupdate

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested force it to stop
    • If the task is already running then queue a new instance

    Shell

    WindowsParentalControls

    Notifications for actions taken by Windows Parental Controls.

    Security Options

    • Run as AUTHENTICATED USERS
    • Run only when user is logged on
    • Hidden

    Triggers

    • At logon of any user, delay task for 1 second

    Actions

    • Run Custom Event Handler with CLSID {DFA14C43-F385-4170-99CC-1B7765FA0E4A} which refers to C:\Windows\System32\wpcumi.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • If the task fails restart every 1 minute
    • Attempt to restart up to 5 times
    • If the running task does not end when requested force it to stop
    • If the task is already running run a new instance in parallel

    WindowsParentalControlsMigration

    Migration for Windows Parental Controls. Disabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not
    • Run with highest privileges
    • Hidden

    Triggers

    • At logon of any user, delay for 1 second

    Actions

    • Run Custom Action Handler with CLSID {343D770D-7788-47C2-B62A-B7C4CED925CB} which refers to C:\Windows\System32\wpcmig.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • If the task fails restart every 1 minute
    • Attempt to restart up to 1 time
    • If the running task does not end when requested force it to stop
    • If the task is already running run a new instance in parallel

    SideShow

    AutoWake

    This task automatically wakes the computer and then puts it to sleep when automatic wake is turned on for a Windows SideShow-compatible device.

    Disabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not

    Triggers

    • At the logon of any user, delay for 1 minute

    Actions

    • Run custom action handler with CLSID {E51DFD48-AA36-4B45-BB52-E831F02E8316} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • If the running task does not end when requested force it to stop
    • If the task is already running then do not start a new instance

    GadgetManager

    This task manages and synchronizes metadata for the installed gadgets on a Windows SideShow-compatible device.

    Enabled by default, but trigger is disabled.

    Security Options

    • Run as Users
    • Run only when user is logged on

    Triggers

    • At logon of any user

    Actions

    • Run Custom Action Handler with CLSID {FF87090D-4A9A-4F47-879B-29A80C355D61} with data $(Arg0) Refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested force it to stop
    • If the task is already running then queue a new instance

    SessionAgent

    This task manages the session behavior when multiple user accounts exist on a Windows SideShow-compatible device.

    Disabled by default.

    Security Options

    • Run as Users
    • Run only when user is logged on

    Triggers

    • At logon of any user, delay for 15 seconds

    Actions

    • Run Custom Action Handler with CLSID {45F26E9E-6199-477F-85DA-AF1EDFE067B1} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • If the running task does not end when requested force it to stop
    • If the task is already running run a new instance in parallel

    SystemDataProviders

    This task provides system data for the clock, power source, wireless network strength, and volume on a Windows SideShow-compatible device.

    Disabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not

    Triggers

    • At log on of any user, delay task for 30 seconds

    Actions

    • Run custom action handler with CLSID {7CCA6768-8373-4D28-8876-83E8B4E3A969} which refers to %SystemRoot%\System32\AuxiliaryDisplayServices.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • If the running task does not end when requested, force it to stop
    • If the task is already running do not start a new instance

    SoftwareProtectionPlatform

    SvcRestartTask

    This task restarts the Software Protection Platform service at the specified time. Enabled by default.

    Security Options

    • Run as NETWORK SERVICE
    • Run whether user is logged on or not
    • Hidden

    Triggers

    • At 12:37:31 PM every day

    Actions

    • Run sc.exe start sppsvc

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • If the task fails restart every 1 minute, retry up to 3 times
    • If the task is already running then do not start a new instance

    SyncCenter

    No tasks by default.

    SystemRestore

    SR

    This task creates regular system protection points. Enabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not

    Triggers

    • At 12:00 AM every day
    • At system startup, delay up to 30 minutes

    Actions

    • Start %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation

    Conditions

    • Start the task only if the computer is idle for 10 minutes
    • Wait for idle for 23 hours
    • Start the task only if the computer is on AC Power

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 3 days
    • IF the running task does not end when requested force it to stop
    • If the task is already running then do not start a new instance

    Task Manager

    Interactive

    Runs a task as the interactive user. Enabled by default.

    Security Options

    • Run as INTERACTIVE
    • Run only when user is logged on
    • Hidden

    Triggers

    • No triggers

    Actions

    • Run Custom Action Handler with CLSID {855FEC53-D2E4-4999-9E87-3414E9CF0FF4} which refers to %SystemRoot%\system32\wdc.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • If the running task does not end when requested, force it to stop
    • If the task is already running then run a new instance in parallel

    Tcpip

    IpAddressConflict1

    This event is triggered when an IP address conflict is detected. Enabled by default.

    Security Options

    • Run as Users
    • Run only when user is logged on
    • Run with highest privileges

    Triggers

    • When event is raised in System log with source Tcpip and event ID 4198.

    Actions

    • %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem

    Conditions

    • Start the task only if the computer is on AC Power
    • Stop if the computer switches to battery power

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested force it to stop
    • If the task is already running do not start a new instance

    IpAddressConflict2

    This event is triggered when an IP address conflict is detected.

    Security Options

    • Run as Users
    • Run only when user is logged on
    • Run with highest privileges

    Triggers

    • When event is raised in System log with source Tcpip and event ID 4199.

    Actions

    • %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem

    Conditions

    • Start the task only if the computer is on AC power
    • Stop if the computer switches to battery power

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested, force it to stop
    • If the task is already running do not start a new instance

    TextServicesFramework

    MsCtfMonitor

    TextServicesFramework monitor task. Enabled by default.

    Security Options

    • Run as Users
    • Run only when user is logged on
    • Hidden

    Triggers

    • At logon of any user

    Actions

    • Run custom action handler with CLSID {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1} which refers to %SystemRoot%\system32\MsCtfMonitor.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand

    • If the running task does not end when requested, force it to stop

    • If the running task is already running then start a new instance in parallel

    Time Synchronization

    SynchronizeTime

    Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Enabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not
    • Run with highest privileges

    Triggers

    • At 1:00 AM every Sunday

    Actions

    • %windir%\system32\sc.exe start w32time task_started

    Conditions

    • Start only if network connection is present

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 3 days
    • If running task does not end when requested force it to stop
    • If the task is already running do not start a new instance

    UPnP

    UPnPHostConfig

    Set UPnPHost service to Auto-Start. Enabled by default, but no triggers configured.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not

    Triggers

    • None

    Actions

    • Run sc.exe config upnphost start= auto

    Conditions

    • Start the task only if the computer is on AC Power
    • Stop if the computer switches to battery power

    Settings

    • Allow task to be run on demand
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested force it to stop
    • If the task is already running do not start a new instance

    User Profile Service

    HiveUploadTask

    This task will automatically upload a roaming user profile’s registry hive to its network location.

    Disabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not

    Triggers

    • Every 12 hours from 28/08/2007 12:00:00 AM with random delay of 1 hr

    Actions

    • Run custom action handler with CLSID {BA677074-762C-444B-94C8-8C83F93F6605} which refers to APPID {72E3272B-4EEA-4104-B358-1A282E4FC1AD} which refers to User Profile Service DCOM server (profsvc)

    Conditions

    • Start the task only if the computer is idle for 10 minutes, wait for idle for 2 hrs
    • Start only if a network connection is present

    Settings

    • Allow task to be run on demand

    • Run task as soon as possible after a scheduled start is missed

    • If the task fails restart every 2 minutes up to 3 times

    • Stop if the task runs longer than 3 days

    • If the running task does not end when requested force it to stop

    • If the task is already running do not start a new instance

    WDI

    ResolutionHost

    The Windows Diagnostic Infrastructure Resolution host enables interactive resolutions for system problems detected by the Diagnostic Policy Service. It is triggered when necessary by the Diagnostic Policy Service in the appropriate user session. If the Diagnostic Policy Service is not running, the task will not run

    Enabled by default, but no triggers configured.

    Security Options

    • Run as INTERACTIVE
    • Run only when user is logged on
    • Run with highest privileges
    • Hidden

    Triggers

    • None

    Actions

    • Run Custom Action Handler with CLSID {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1} which refers to %SystemRoot%\System32\wdi.dll

    Condition

    • None

    Settings

    • Allow task to be run on demand
    • If the running task does not end when requested force it to stop
    • If the task is already running run a new instance in parallel

    Windows Error Reporting

    QueueReporting

    Windows Error Reporting task to process queued reports. Enabled by default.

    Security Options

    • Run as Users
    • Run only when user is logged on

    Triggers

    • At logon of any user, delay task for 13 minutes

    Actions

    • Start %windir%\system32\wermgr.exe -queuereporting

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested, force it to stop
    • If the task is already running then run a new instance in parallel

    Windows Filtering Platform

    BfeOnServiceStartTypeChange

    This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled.

    Enabled by default.

    Security Options

    • Run as SYSTEM
    • Run whether user is logged on or not
    • Hidden

    Triggers

    • When event is raised in Service Control Manager log with System Event ID 7040 and Param4 is equal to BFE

    Actions

    • Run %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange

    Conditions

    • None

    Settings

    • Stop the task if it runs longer than 3 days
    • If the task is already running then queue a new instance

    Windows Media Sharing

    UpdateLibrary

    This task updates the cached list of folders and the security permissions on any new files in a user’s shared media library.

    Enabled by default.

    Security Options

    • Run as AUTHENTICATED USERS
    • Run only when user is logged on

    Triggers

    • When log Microsoft-Windows-WMPNSS-Service  has event ID 14210

    Actions

    • Run %ProgramFiles%\Windows Media Player\wmpnscfg.exe

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested force it to stop
    • If the task is already running then run a new instance in parallel

    WindowsBackup

    ConfigNotification

    This scheduled task notifies the user that Windows Backup has not been configured. Enabled by default.

    Security Options

    • Run as LOCAL SERVICE
    • Run whether user is logged on or not

    Triggers

    • At 10:00 am every day

    Actions

    • Run %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • Run task as soon as possible after a scheduled start is missed
    • Stop the task if it runs longer than 3 days
    • If the running task does not end when requested, force it to stop
    • If the task is already running do not start a new instance

    WindowsColorSystem

    Calibration Loader

    This task applies colour calibration settings. Disabled by default.

    Security Options

    • Run as Users
    • Run only when user is logged on

    Triggers

    • At logon of any user
    • On connection to user session

    Actions

    • Run custom action handler with CLSID {B210D694-C8DF-490D-9576-9E20CDBC20BD} which refers to %SystemRoot%\System32\mscms.dll

    Conditions

    • None

    Settings

    • Allow task to be run on demand
    • If the task is not scheduled to run again queue a new instance

    THE END (Finally)

    About chentiangemalc

    specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.
    This entry was posted in Windows 7 and tagged . Bookmark the permalink.

    18 Responses to Windows 7 Default Scheduled Tasks–Complete Overview

    1. JK says:

      Lots of info here. Thanks for taking the time to write this all up!

    2. Curt Mortrud says:

      Great post. Auslogics defrag task corrupted Sched Tasks in my ex’s machine and lost all properties. With this I can rebuild. Thanks much for the good and time consuming work.

      Curt

    3. tony says:

      Excellent Info.. Thank you very much !! I messed up a couple of settings and I was able to reset them based on this info. I really appreciate you taking the time to do this !! TS

    4. Rob says:

      Brilliant well done.

    5. Erik Elsom says:

      Thanks a million for this!

    6. August Ceriles says:

      Great information. Thank you very much

    7. Jeannie says:

      Thank you for making this available.

    8. Lisa says:

      Thank you so much. I saw my tasks had been wrongly configured by the vendor yet had no idea how to solve the problems. Your post is very important and helpful for me. Thank You Again!. Lisa

    9. ringplus1@gmail.com says:

      I was looking for help online when I came upon this great site with very valuable information. Thank you so much.The Task Scheduler suddenly got the error message: “The selected task “{0}” no longer exists.” The problem seems to be in the AppID folder where PolicyConverter is missing. I would like to recreate this task using your options but cannot create a new task in that folder. Nothing happens when clicking on AppID although I have no problem creating a new task in any other folder. Any help or suggestion would be very appreciated.Thanks in advance.

      • did you try closing all instances of task scheduler (i.e. mmc.exe) then, launch an elevated cmd prompt, then launch taskschd.msc. If you right click AppID, and it doesn’t work, what do you see?

    10. ringplus1@gmail.com says:

      Task Scheduler includes quite a few folders. Is there a way to close them all together temporarily so that I should be able to try your suggestion?
      If I click on AppID I get that error message “The selected task “{0}” no longer exists.” When I click on OK and then press AppID I only see VerifiedPublisherCertStoreCheck . Then when I right click it again I can see the options, creat basic task, creat task, import task, etc. But when clicking on Create Task to create PolicyConverter nothing happens (it doesn’t open that screen with the fields to enter the task) but freezes Task Scheduler altogether. After which I can’t create at task in any other folder either until I restart Task Scheduler.

      • I would…select your missing task on a working machine, and use “Export…” option in task schd (you will have to select each task in AppID and export it) Then on your broken machine you may have to re-create folder — right click “Windows” and select New Folder, and create AppID folder. Then select AppID folder and use import folder to import the tasks. You can also use schtasks.exe from command line (schktasks /? )

    11. Rinny says:

      I did as per your suggestion and it worked but then got this error message on other folders. I found that SystemRestore was the culprit and I was unable to import the xml file to this folder. I renamed this file in C:\Windows\System32\Tasks\Microsoft\Windows to XSystemRestore and the error message doesn’t come up anymore. I created a new System Restore in the Task Scheduler Library and everything is fine now. Thank you very much.

    12. Hi. I need help with the following. My computer restarts everyday at the same time–whether I want it or not. Which one of the options above should I change to stop the restarting?

    13. Steve says:

      Hi, fabulous post – great work.

      Having all of the above information, is there a way to created a reg file or task scheduler file that will recreate all of the default tasks?

      Thanks again.

    14. E York says:

      Wow, You are the Man! What an awesome thing you’ve done here. Thank you so much.

    15. Mihai Tintea says:

      Hi

      All the information here is a Copy/Paste version of what’s already available in the Task Scheduler pages. I regret I wasted 5 minutes of my life on this website.

      Kind regards

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s