Run Powershell scripts from Windows task scheduler

With this short post I want to share information what you have to do to run Microsoft Powershell scripts from Windows task scheduler.

The challenge

I like to automate tasks I want to run on a daily basis. Earlier I did that with batch scripts but I ran into the challenge to use workarounds to handle pretty basic things. For example if I want to call specific commands only once a week. Did you ever try get the day of the week within a batch script? Or did you try to get the current date formats in a way you can use it to name a folder. Sometimes the easier way is to call a VB Script within a batch script or you have to cut the date string into pieces an reorder the parts in the way you need it.

Powershell is way more powerful (perhaps that is where the name comes from?) and we have a bigger range of opportunities. Since Powershell is deeper integrated in Microsoft Windows than batch ever had been the interaction with files, properties and Windows services is much easier. Powershell gives us much better output than batch does so that we can reuse informations a command outputs.

The implementation

Back to what we want to achieve. Running batch scripts works out of the box and Microsoft thought about ways to protect a PC against the execution of malicious scripts. It is good that they had the target to make the computer more safe but to be honest there are ways to easily bypass those security options. But that should not be part of this post.

Microsoft implemented an option called ‘ExecutionPolicy’ that defines what script is allowed to be executed on a computer.

There are four possibly types of that execution policy:

• Restricted – Execution of Powershell scripts is not allowed. Powershell can only be used interactively from a command line interface (CLI). This is the default setting for each Windows computer.
• AllSigned – Only those scripts can be executed that are signed by a trustworthy certificate authority.
• RemoteSigned – Downloaded scripts have to be signed by a trustworthy certificate authority while locally available scripts can be executed even if they are not signed.
• Unrestricted – Each and every script can be executed.

Compare to this Microsoft TechNet article: https://technet.microsoft.com/en-us/library/ee176961.aspx

The used execution policy – if it should differ to the default value of ‘Restricted’ – has to be set for the computer either manually as local administrator or through a group policy definition.

You can get the actual value of the execution policy by running the Get-ExecutionPolicy commandlet:

PS C:\WINDOWS\system32> Get-ExecutionPolicy
Restricted

Nevertheless a user can always run a script by starting Powershell with the execution policy as parameter:

powershell.exe -ExecutionPolicy Unrestricted -file C:\path\to\myscript.ps1

To be able to run your own scripts from task scheduler it is recommended to set the execution policy to ‘RemoteSigned’ in an elevated Powershell CLl:

PS C:\WINDOWS\system32> Set-ExecutionPolicy RemoteSigned

You have to confirm this change.

If you have successfully set the execution policy you are now ready to create a scheduled task. I will not cover the exact steps how to schedule a task but will tell you what you have to make different to any default executable program or to a batch script. While you can set a batch script as the program to execute within a scheduled task you have to call powershell.exe as program and define the script itself within the parameter ‘-file’.