How to Run Batch Files via Windows Task Scheduler in Unattended Mode (No User Logon Required)


2 views

Many Windows administrators encounter this scenario: A perfectly functional batch script runs flawlessly when executed manually or via Task Scheduler with user logon, but fails silently when configured to run without a logged-in user. Let's dissect this common infrastructure automation pain point.

First, verify these critical settings in your Task Scheduler configuration:

- General Tab:
  * "Run whether user is logged on or not" (selected)
  * "Run with highest privileges" (checked)
  * "Configure for:" Windows 7 (or your OS version)

- Conditions Tab:
  * "Start the task only if the computer is on AC power" (unchecked)
  * All sleep/hibernate options disabled

- Settings Tab:
  * "Allow task to be run on demand" (checked)
  * "Stop the task if..." options disabled
  * "If the task fails, restart every:" (set retry logic)

The service account running the task needs explicit permissions both in Task Scheduler and the filesystem. For the test case mentioned:

icacls C:\temp /grant "DOMAIN\ServiceAccount":(OI)(CI)F
icacls "C:\scripts\yourbatch.cmd" /grant "DOMAIN\ServiceAccount":RX

Batch files running without user context often fail due to path issues. Always:

1. Use absolute paths for all file operations
2. Include command interpreter in your action:
   Program: C:\Windows\System32\cmd.exe
   Arguments: /c "C:\scripts\yourbatch.cmd"
3. Set "Start in" directory in task action

When troubleshooting, modify your batch to create an execution audit trail:

@echo off
set LOGFILE=C:\temp\task_debug_%date:~-4,4%%date:~-10,2%%date:~-7,2%.log
echo [%time%] Task started >> %LOGFILE%
whoami >> %LOGFILE%
set >> %LOGFILE%
echo [%time%] Attempting file write >> %LOGFILE%
echo "success" >> C:\temp\test.log 2>&1
echo [%time%] Exit code: %errorlevel% >> %LOGFILE%

The Local Service account has limited network access. For scripts requiring domain resources:

- Create a dedicated service account
- Grant "Log on as batch job" rights via:
  secpol.msc > Local Policies > User Rights Assignment
- For network resources, use persistent mapped drives:
  net use Z: \\server\share /persistent:yes /user:domain\account password

When batch files prove unreliable in unattended mode, consider:

1. PowerShell scripts (better error handling)
   Start-Transcript -Path "C:\logs\script.log"
   "success" | Out-File "C:\temp\test.log"

2. Compiled executables with proper service handling
3. Windows Service wrapper for critical operations

When attempting to execute batch files through Windows Task Scheduler in a non-interactive session (without user logon), many administrators encounter silent failures. The batch files run perfectly when triggered manually or under logged-in conditions, but produce no results when executed in session 0 (the non-interactive Windows service session).

schtasks /create /tn "MyBatchJob" /tr "C:\path\to\batch.cmd" /sc daily /st 00:00 /ru "DOMAIN\AdminUser" /rp "P@ssw0rd" /rl HIGHEST

For proper execution without user logon, these elements must be verified:

  • User account must have "Log on as a batch job" rights (secpol.msc → Local Policies → User Rights Assignment)
  • The task must be configured to "Run whether user is logged on or not"
  • Storage location must be accessible from system context (avoid mapped drives)

Create this diagnostic batch script (debug_wrapper.cmd):

@echo off
echo [%date% %time%] Script started >> C:\logs\scheduler_debug.log
whoami /all >> C:\logs\scheduler_debug.log
set >> C:\logs\scheduler_debug.log
call "%~dp0original_script.cmd" 2>&1 >> C:\logs\scheduler_debug.log
echo [%date% %time%] Exit code: %errorlevel% >> C:\logs\scheduler_debug.log

Environment Variables: Non-interactive sessions have different PATH and other variables. Always use absolute paths in scripts.

Working Directory: Explicitly set the Start in (optional) field in Task Scheduler to your script directory.

Network Resources: Use UNC paths (\\server\share) instead of mapped drives (Z:\).

For complex scenarios, consider these alternatives:

# PowerShell wrapper script
Start-Transcript -Path "C:\logs\powershell_wrapper.log"
try {
    & "C:\path\to\batch.cmd"
    if ($LASTEXITCODE -ne 0) {
        throw "Batch execution failed with exit code $LASTEXITCODE"
    }
}
catch {
    $_ | Out-File "C:\logs\error.log" -Append
}
finally {
    Stop-Transcript
}

Remember to configure the task to run powershell.exe -ExecutionPolicy Bypass -File C:\path\to\wrapper.ps1