When working with Windows Scheduled Tasks configured to run under service accounts with periodic password resets (common in enterprise environments), administrators often face the challenge of updating the stored credentials. The standard GUI doesn't provide an obvious way to update just the password while keeping the same account.
The most reliable way to update the password is through the command line using schtasks:
schtasks /change /tn "YourTaskName" /ru "DOMAIN\ServiceAccount" /rp "NewPassword123"For multiple servers, you can script this with PowerShell:
$servers = "server1","server2","server3"
$taskName = "DatabaseBackup"
$account = "DOMAIN\svc_backup"
$newPass = "P@ssw0rd2023"
foreach ($server in $servers) {
schtasks /change /s $server /tn $taskName /ru $account /rp $newPass
}For Windows Server 2012 and later (including Windows 10/11), use the PowerShell ScheduledTasks module:
$task = Get-ScheduledTask -TaskName "YourTask"
$task | Set-ScheduledTask -User "DOMAIN\ServiceAccount" -Password "NewPassword123"For tasks with complex triggers or actions:
# Export task
schtasks /query /tn "YourTask" /xml > task.xml
# Edit the XML to update password (look for Password node)
# Then reimport
schtasks /create /tn "UpdatedTask" /xml task.xml- Never store passwords in scripts - use secure strings or credential managers
- Consider using Group Managed Service Accounts (gMSA) when possible
- Test password changes during maintenance windows
- Document the password rotation process
If you encounter "The account name or password is incorrect" errors:
- Verify the account has "Log on as batch job" rights
- Check if the account is locked out
- Confirm the new password meets complexity requirements
- Try rebooting the server if changes don't take effect
When dealing with scheduled tasks running under service accounts in Windows environments, password rotation creates a persistent administrative headache. The standard GUI method fails to provide a password update field when modifying credentials, leaving many sysadmins frustrated.
The Task Scheduler UI in Windows Server 2008 R2 and Windows 7 has a peculiar limitation:
- Clicking "Change User or Group" only allows modifying the account name
- No password prompt appears during this operation
- The task continues using the old credentials until failure
The most reliable solution is using PowerShell's ScheduledTasks module. Here's the complete command sequence:
# First import the module
Import-Module ScheduledTasks
# Get the existing task object
$task = Get-ScheduledTask -TaskName "YourTaskName"
# Create new credential object
$newPassword = ConvertTo-SecureString "NewP@ssw0rd123!" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ("DOMAIN\ServiceAccount", $newPassword)
# Update the task with new credentials
Set-ScheduledTask -TaskName "YourTaskName" -User "DOMAIN\ServiceAccount" -Password "NewP@ssw0rd123!"
For environments where PowerShell isn't available, the classic SCHTASKS utility works:
schtasks /change /tn "YourTaskName" /ru "DOMAIN\ServiceAccount" /rp "NewP@ssw0rd123!"
For organizations with frequent password changes, consider this script template that integrates with your password management system:
# Get new password from your password vault
$newCreds = Get-PasswordFromVault -Account "ServiceAccount"
# Update all related tasks
$tasks = @("Task1", "Task2", "MaintenanceJob")
foreach ($task in $tasks) {
Set-ScheduledTask -TaskName $task -User $newCreds.Username -Password $newCreds.Password
Write-Host "Updated $task with new credentials"
}
After updating credentials, always verify:
- Run the task manually and check Event Viewer for errors
- Confirm the "Last Run Result" shows 0x0 (success)
- Validate permissions haven't been affected by the change