I recently had a blow up of a server at work and unfortunately it was a server I adopted rather recently and so hadn’t been able to put the time into the discovery work on it that needed to be done. Well another group that the server was apparently shared with decided to do some updates and unfortunately blew the box out of the water. At this time I find out that the backup process in this customer was data only, not bare metal. Oi.
So one of the most painful aspects of this whole thing is around scheduled tasks. The JOB files are in intact, however, the creds (or even the SID of the runas ID) aren’t actually stored in the file and in fact there is NO WAY to ascertain what creds used to be used. This is amazingly annoying and painful as I sit here trying to work out creative ways to figure this out. I can think of multiple ways to get his info when the scheduler service is up and running ok but if all you have are JOB files there is nothing, or at least nothing I can find.
In looking this over I found that there isn’t even a way to properly export tasks. This is just plain silly. Does MSFT think that the one machine you deploy a dozen or more tasks to will always be up and running and survive forever?