How to Fix “Access Denied (0x8007005)” When Creating Scheduled Tasks for BAT Files


10 views

Many Windows administrators encounter the notorious "0x8007005: Access is denied" error when trying to schedule BAT files through Task Scheduler. This particularly occurs during task creation when clicking "Finish" in the wizard interface.

The error typically appears even when using administrative accounts (both domain and local). The core issue often relates to permission inheritance and security contexts rather than simple account privileges.

1. Explicitly Set the Working Directory

Batch files often fail when their working directory isn't properly set. Try this PowerShell alternative to create the task:

$Action = New-ScheduledTaskAction -Execute "cmd.exe" 
    -Argument "/c 'C:\path\to\your.bat'" 
    -WorkingDirectory "C:\path\to\"
$Principal = New-ScheduledTaskPrincipal -UserId "DOMAIN\user" -LogonType Password -RunLevel Highest
Register-ScheduledTask -TaskName "MyBatchJob" -Action $Action -Principal $Principal

2. Grant Explicit Permissions to the Script

Even admin accounts might need explicit NTFS permissions:

icacls "C:\path\to\your.bat" /grant "DOMAIN\user:(RX)"
icacls "C:\path\to\your.bat" /grant "SYSTEM:(RX)"

3. Check the "Run whether user is logged on or not" Option

In Task Scheduler, ensure you've selected this option rather than "Run only when user is logged on". The former runs in a different security context.

4. Verify Group Policy Restrictions

Some organizations restrict task creation through GPOs. Check these policies:

gpresult /h gpreport.html

Look for "Task Scheduler" related settings in Computer Configuration → Windows Settings → Security Settings.

If the above fails, examine the Windows Event Log for detailed errors:

Get-WinEvent -LogName Microsoft-Windows-TaskScheduler/Operational | Where-Object {$_.LevelDisplayName -eq "Error"}

For batch files accessing network resources, ensure the computer account has permissions too, as scheduled tasks might run under the SYSTEM context when configured with "Run whether user is logged on or not".

Consider converting your batch script to PowerShell, which has better scheduling integration:

# Save as .ps1 instead of .bat
Start-Transcript -Path "C:\logs\myjob.log"
# Your original batch commands converted to PowerShell
Copy-Item "\\server\share\file.txt" "C:\destination\" -Force
Stop-Transcript

Then schedule it with:

$Trigger = New-ScheduledTaskTrigger -Daily -At 9am
$Action = New-ScheduledTaskAction -Execute "powershell.exe" 
    -Argument "-NoProfile -ExecutionPolicy Bypass -File C:\scripts\myjob.ps1"
Register-ScheduledTask -TaskName "PSDailyJob" -Action $Action -Trigger $Trigger

I recently encountered an infuriating issue while trying to schedule a simple batch file to run daily. Despite using admin accounts (both domain and local), Windows Task Scheduler kept throwing the error:

The new task could not be created.
The specific error is:
0x8007005: Access is denied.
Try using the Task page Browse button to locate the application

After troubleshooting across multiple machines, I discovered several potential causes:

  • Insufficient permissions on the batch file location
  • Group Policy restrictions on scheduled tasks
  • UAC (User Account Control) interference
  • Incorrect security settings in the task definition
  • Network drive mappings not available at runtime

Here's what ultimately worked for me across different environments:

1. Create a dedicated service account with these rights:
   - "Log on as a batch job" (gpedit.msc → Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment)
   - Local administrator privileges

2. Set NTFS permissions on the batch file:
   icacls "C:\scripts\your_script.bat" /grant "DOMAIN\ServiceAccount":(RX)
   icacls "C:\scripts" /grant "DOMAIN\ServiceAccount":(OI)(CI)(RX)

3. When creating the task:
   - Select "Run whether user is logged on or not"
   - Check "Run with highest privileges"
   - For the action, use: cmd.exe /c "C:\scripts\your_script.bat"

If you prefer PowerShell for task creation, here's a robust script that handles permissions properly:

$Action = New-ScheduledTaskAction -Execute 'cmd.exe' 
    -Argument '/c "C:\scripts\your_script.bat"'
$Trigger = New-ScheduledTaskTrigger -Daily -At 9am
$Principal = New-ScheduledTaskPrincipal -UserId "DOMAIN\ServiceAccount" 
    -LogonType Password -RunLevel Highest
Register-ScheduledTask -TaskName "DailyBatchJob" 
    -Action $Action -Trigger $Trigger -Principal $Principal

When troubleshooting, check these logs:

1. Event Viewer → Applications and Services Logs → Microsoft → Windows → TaskScheduler
2. Run procmon.exe during task creation to spot permission issues
3. Test with a simple batch file that just creates a test file:
   @echo off
   echo %date% %time% > C:\temp\task_test.txt

The solution might vary depending on:

  • Windows Server vs. Workstation
  • Domain vs. standalone machine
  • Centralized management through GPO
  • Antivirus software interference