There is a scheduled task named UpdateOrchestrator\Reboot that will reboot a system after hours if it is left in a “pending reboot” state after applying Microsoft patches. I want to disable that because it can be a serious issue if this system reboots on its own.
I am successful in disabling this scheduled task the first time this section of PowerShell code is run, but if someone runs this script again (which will happen in this scenario), it throws an icalcs error, and I think it's because it’s already disabled.
$ScheduledTaskPath = $Env:windir + "\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot"
if (Test-Path $ScheduledTaskPath)
{
Disable-ScheduledTask -TaskName "\Microsoft\Windows\UpdateOrchestrator\Reboot"
# **Denying permissions on the SYSTEM account**
& icacls.exe $ScheduledTaskPath /deny SYSTEM:f
}
Else
{
Write-output “No reboot task found”
}
The error it gets in the log file is ERROR Running icacls.exe Command Error Code: 5
Is there a better way to write this so if the task is already disabled, it won’t get that error code? It’s causing me a lot of e-mails from concerned users.
Thank you in advance!
EDIT: New code, but still getting error.
I re-wrote this small bit of script, but now I'm getting an error on the “if Test-path” line stating "No MSFT_ScheduledTask objects found with property 'TaskName' equal to "\Microsoft\Windows\UpdateOrchestrator\Reboot" Verify the value of the property and retry.
This is how I re-wrote the code:
$ScheduledTaskPath = $Env:windir + "\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot"
if ((Test-Path $ScheduledTaskPath) -and (Get-ScheduledTask -TaskName "\Microsoft\Windows\UpdateOrchestrator\Reboot").State -ne 'disabled') {
Disable-ScheduledTask -TaskName "\Microsoft\Windows\UpdateOrchestrator\Reboot"
Denying permissions on the SYSTEM account
& icacls.exe $ScheduledTaskPath /deny SYSTEM:f }
Else
{
Write-output “No reboot task found”
}