Add file hash checking capability to Task Scheduler
Scheduled Tasks should have the ability to verify a file’s authenticity prior to executing. For example, if a Scheduled Task is executing a PowerShell script that is being run with an account that has Domain Admin rights, anyone that has access to modify the PowerShell script on the server essentially has Domain Admin rights.
If there was an option added to the Scheduled Task setup where the owner could input the file hash of the PowerShell script and Task Scheduler checked the hash prior to executing the script, it would eliminate unauthorized changes.
One example where this would stop malicious changes:
1. Admin creates schedule task with service account that has Domain Admin rights.
2. Scheduled Task executes a script file.
3. Malicious person has admin access to the server, but not Domain Admin rights, modifies script.
4. Scheduled Task executes modified script with Domain Admin rights and malicious changes are made.
5. Malicious person then reverts script back to its original version.
"3. Malicious person has admin access to the server, but not Domain Admin rights, modifies script"
The problem is having an unauthorized person having administrator access to the server.
Hi. Task Scheduler is owned by the client team, so I recommend filing this through the Windows 10 Feedback Hub. We have no way to address this in Windows Server.
That said, I really like this idea and I hope you are successful. :)