___________________________________________________________________________________________________________________________
IMPORTANT ANNOUNCEMENT FOR OUR READERS!
AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at https://aka.ms/CISTechComm (hosted at https://techcommunity.microsoft.com). Please bear with us while we are still under construction!
We will continue bringing you the same great content, from the same great contributors, on our new platform. Until then, you can access our new content on either https://aka.ms/askpfeplat as you do today, or at our new site https://aka.ms/CISTechComm. Please feel free to update your bookmarks accordingly!
Why are we doing this? Simple really; we are looking to expand our team internally in order to provide you even more great content, as well as take on a more proactive role in the future with our readers (more to come on that later)! Since our team encompasses many more roles than Premier Field Engineers these days, we felt it was also time we reflected that initial expansion.
If you have never visited the TechCommunity site, it can be found at https://techcommunity.microsoft.com. On the TechCommunity site, you will find numerous technical communities across many topics, which include discussion areas, along with blog content.
NOTE: In addition to the AskPFEPlat-to-Core Infrastructure and Security transformation, Premier Field Engineers from all technology areas will be working together to expand the TechCommunity site even further, joining together in the technology agnostic Premier Field Engineering TechCommunity (along with Core Infrastructure and Security), which can be found at https://aka.ms/PFETechComm!
As always, thank you for continuing to read the Core Infrastructure and Security (AskPFEPlat) blog, and we look forward to providing you more great content well into the future!
__________________________________________________________________________________________________________________________
Hello, Jeff “The Dude” Stokes here for an installment on a very important topic. Why should I not disable the task scheduler in Windows?
Long, long ago in the annals of IT history, the Task Scheduler was a poorly understood component of Windows. “What does it do?” We’d wonder…
Fast forward to today and now, the Task Scheduler is still a poorly understood component of Windows. “What does it do and why can’t I disable it to be secure?” We ask…
We have heard about some changes in Vista and Windows 7 regarding the task scheduler, but really, why not disable the dang thing to be more secure or increase system performance?
Because disabling the task scheduler does not make your system more secure, nor does it increase system performance. In fact, it makes your system less secure in Windows 8, and in Windows 7 and 8 makes performance worse, especially over time.
In Windows 7 the Task Scheduler is responsible for background health and cleaning processes such as optimizing prefetch and readyboot for instance. It also handles light defragmentation runs on the system.
In Windows 8, it’s even more important. It optimizes the start menu…
What else? File History is task scheduler based.
Bluetooth device cleanup (when you unpair a device)
Cleaning up Application Temporary Files as well
How about making sure the file system is healthy? Yeah that’s a task, too.
Run RAID sets on your machine? You’ll want task scheduler.
How about Windows Updates?
So let’s leave the Task Scheduler Service alone in our quest for security hardening and go pick on more interesting things like Anti-Virus and Data Loss Prevention kits.
So remember, Relax, don’t do it. Don’t disable the task scheduler!
For more information on the Task Scheduler see below:
Task Scheduler Changes in Windows Vista and Windows Server 2008 – Part One
http://blogs.technet.com/b/askperf/archive/2008/06/24/task-scheduler-changes-in-windows-vista-and-windows-server-2008-part-one.aspx
Task Scheduler Changes in Windows Vista and Windows Server 2008 – Part Two
http://blogs.technet.com/b/askperf/archive/2008/10/10/task-scheduler-changes-in-windows-vista-and-windows-server-2008-part-two.aspx
Task Scheduler Changes in Windows Vista and Windows Server 2008 – Part Three
http://blogs.technet.com/b/askperf/archive/2009/03/17/task-scheduler-changes-in-windows-vista-and-windows-server-2008-part-three.aspx
Two Minute Drill – Quickly test Task Scheduler
http://blogs.technet.com/b/askperf/archive/2011/06/10/two-minute-drill-quickly-test-task-scheduler.aspx
What’s New in Task Scheduler for Windows 8 & Server 2012
http://blogs.technet.com/b/askperf/archive/2013/07/05/what-s-new-in-task-scheduler-for-windows-8-amp-server-2012.aspx
Update 11/3/2013 -Mark Morowczynski
How To Configure Clustered Tasks with Windows Server 2012
http://blogs.msdn.com/b/clustering/archive/2012/05/31/10312527.aspx
Jeff “The Dude” Stokes
Alex, thanks for the feedback. Some actions you could do, you collect a WPRUI trace of the activity and really dig in, or even fire up process monitor and see what is going on on the system. Clearly something is amiss, lets get to the bottom of it! Let
me know if I can help. Jeff.Stokes@Microsoft.com
The trouble is few people that understand windows to any depth really know half of what goes but at least they know they don’t know.
Try deleting Hidden Index.dat files or resolving all NetStat connections back to a process to catch my drift
“Don’t touch this — trust us” doesn’t count as documentation :-)”
Yes I agree
Hi John,
Not that I am aware of no. This falls back to us not being able to document every individual item a customer may chose to do and the consequences of doing so. We can't write / document the permutations of how our product fails or would fail when someone does X to it.
To put it succinctly, Windows is tested and shipped with this service enabled by default and we KNOW there are lots of bad things that can happen if its turned off, but the hows and whys depend on how you are using Windows in your environment. I know to some it sounds like a cop-out to some extent. But this blog post is a best effort "Don't do this, you'll shoot yourself in the foot" type of thing. You know?
Would it be nice to know every task and what it does? Yeah honestly in my opinion, I think it would. But its going to change with the next release of Windows to some extent, and maybe with hotfixes / product installs (including 3rd party), etc. So it would be a bear and is it worth that colossal effort? Everything documentation wise hits a decision matrix akin to above at some point I imagine.
Task Scheduler is used not only by Microsoft products and tools (also a part of Windows), but also by many third party programs. Therefore disabling Task Scheduler does impact the performance of Windows.
Hi Balaji,
I think we're on the same page with your comment. Good point on third party products relying on it as well, good point.
Jeff
Say Steve, could you expand upon that perhaps? How exactly was it trashed, does your environment have the task scheduler proactively patched, like support.microsoft.com/…/2698800, perhaps? What were the exact symptoms? SP1 or SP0? Was a support case opened? Please email me the details at jeff.stokes@microsoft.com if you would be so kind. Since my primary role is to support enterprise clients and this is the first I've heard of a case like this, obviously I'm interested.
Petar, I don't recall taskhost being a vector for Conficker, although I am not a malware expert.
support.microsoft.com/…/962007
Autoplay I think was what you are getting at? Or am I missing your point. We don't recommend folks attempt to make a system more secure by disabling core components of Windows, but by sticking to well known and proven solutions. blogs.technet.com/…/sticking-with-well-known-and-proven-solutions.aspx
Has Microsoft ever published technical documentation on all the tasks that ship with Windows? What does each task do, why does it run when it does, and what really happens if it doesn't run. "Don't touch this — trust us" doesn't count as documentation 🙂
There are a lot of good reasons to disable the built in Task Scheduler. In the past 3 months, TS on my box has turned to trash (even though my box has a recent refresh of win7). My box got ejected from the domain and we had to re-enter it. This caused Task Scheduler (and hence, me) a lot of grief. Thus, I just disabled it because I am exhausted of fighting with windows every day. Instead, I wrote my own Task Scheduler to run as a service. It is 70% as full featured as the windows Task Scheduler. But, mine has custom email alerts, logging, AND it works every time. It also does not require the absurd domain creds to run on a local box.
Well, while I agree with the title, "Because disabling the task scheduler does not make your system more secure" is not very precise… Don't you remember conficker?
The article focuses on Windows client – a short side note regarding Windows Server: as long as the Task Scheduler Services on Windows Server 2012 (MicrosoftWindowsTaskSchedulerRegular Maintenance and MicrosoftWindowsTaskSchedulerMaintenance Configurator) lead to server reboots at 3am every day after an Windows update is detected (and even worse: 15 minutes after an admin logs in if the server was not restarted after 3 days), all the valid and good arguments fall on deaf ears for sysadmins not wanting to adjust to a – IMHO – broken server maintenance model. KB2885694 helps along the way, but why break the system in the first place?
There are negative impact of schedules tasks on pc and here is why. My win 8.1 when at idle begins to go crazy and cpu usage is maxed and my pc fan goes to over-drive and the temp goes up. This is only in windows 8 and 8.1 and not on other. SO I checked
and behold some windows processors that were schedules to run in idle mode are the culprit. I am still looking for a way to determine which tasks are safe to disable. As you see the task scheduler is not all goody good. It can harm the system.
But I’m the kind of person who dose all these task personalty. I like to be in control of my computer.
Evan if it means altering the REG to do it……….. I have had malware in the past that added a task to the task scheduler.
How often do the average people check the task scheduler to see what is scheduled?
But it won’t crash the system? I ask because I have a virus that reinfects by setting tasks to run to reinstall and spread the problem. And there are so so many tasks in the scheduler it would be pretty hard to clear them all correctly
So the main jist is that windows makes a mess and needs a plethora of scheduled tasks to clean up its own mess. now we’re going back to the bad old days when programs load up TSRs and whatnot. Which causes system instability and performance problems.
It certainly does not improve performance. By default it runs tons of slow disk chewing tasks that start whenever I leave the computer, but I hear the HD being chewed to death. This woud probably kill SSD disks really fast (no wonder mine died in 3 months).
Sometimes it starts processes while im actually working or playing on the PC, taking up CPU pwer, memory and ofc slowing everything down and causing freezes because it chews on the hard drive doing whatever it does (defragmenting probably). While disabling
the actualy Task Manager might break the system, everyone should look through the hundred or so tasks that are scheduled by default and disble most of it. Your PC will thank you for it. Prefetch, Superfetch, Defragmentation and what not are all useless disk
and performance killers.
Ok, understood: I shouldn’t disable Task Scheduler permanently. But what about disabling it temporarily because there are a bunch (20+) of tasks on my job server that I don’t want to run when I run some importand update or do some maintenance? I think
that it should be possible to disable user defined tasks.
well,
well,
I think it should be a way to disable it temporarily, when I’m recording audio or playing along a backing track using a usb audio interface with ASIO drivers some schedule task which I haven’t been able to identify starts and crashes my audio driver, I
must unplug and plug again my audio interface. It’s really annoying.
Nothing mentioned here I cant do myself manually at the correct time, When I look at how often Scheduled Tasked get used for malicious purposes and the lack of technical information provided on its functions.
How about providing some solutions and alternatives rather than advising to use a software that is know to be exploited.
The Task Scheduler also executes unwanted processes and the cleanup it does is extremely poor. I prefer to do this tasks manually or using other programs specifically designed to do the job (e.g. CCleaner, Glary utilities, etc.). Task Scheduler should
be deactivated, on the long run it does exactly the opposite of what it is intended to.
"Because disabling the task scheduler does not make your system more secure, nor does it increase system performance. In fact, it makes your system less secure in Windows 8, and in Windows 7 and 8 makes performance worse, especially over time."
My laptop with a core i7 4700qm processor, 8GB Ram, 32GB mSata cache and 1TB 5400 RPM HDD will like a word with you about performance (degradation):
– As a result of Automated maintenance:
1. Disk usage (by system) goes up to a 100%
2. CPU usage (all 8 cores (4 physical, 8 logical through hyperthreading)) goes to 60-100%
3. Hibernate and shutdown stop working (funnily enough, restart works)
4. The fan goes into overdrive (making what is normally a pretty silent system sound like a turbine).
– The tasks once started, never end. I have tried leaving the laptop alone to let maintenance tasks complete but despite leaving everything alone, the tasks hadn’t completed after ~4 hours.
– Initially, this only happened every once in a while (once every month or two) but lately (over past 2 months I think), it has got so bad that unless I turn off automatic maintenance from Scheduler on system boot, everything’s almost unusable (the tasks don’t
pause even when the system’s being used).
– The ~100% disk usage by the system results in slow file saves (delayed because of being in a queue I suppose) and saving to a vm (xubuntu in vmware with netbeans uploading files through FTP on save) is atrociously slow.
– It has got to the point where I’m seriously considering replacing Windows 8.1 and making Kubuntu 14.04 LTS my daily driver and only booting windows when I want to play civ 5 (the only game I play on my laptop).
– There is nothing wrong with the hardware, I’ve scanned the hard disk for defects and not found any.
– The same tasks when run manually are done in <30 minutes (unless I decide to defrag the disk after running a detailed scan with defender, that takes around 1 hour all told) so yes, I’d very much love to rip out the automated maintenance tasks and maintain
my system manually, it will be a lot less painful…
– As for security, if I can’t use the system myself due to scheduled tasks hogging all the resources, is it any different from getting a virus which hinders/prevents me from using the laptop? I think not…
For the record, Windows is fully updated (even the optional updates have been installed), virus definitions for defender are up-to-date and I have the latest drivers for all the hardware (except for my phone, don’t see the point, using a custom rom and file
transfers via usb and adb work just fine). I’ve even stopped using dexpot and rocketdock (tools I’ve been using since XP) and the only extensions I’ve got are Classic Shell, qtTabBar (which has to be re-enabled after system boot every time) and 7+ Taskbar
Tweaker, I have no idea what else to do and any help/guidance/pointers would be highly appreciated.
I have two entries – one that ends in 1001, and one that ends in 500. If you google the beginning and end of the entries: Optimize Start Menu Cache Files-S-1-5-21 … 1001 or 500 – there are some bad google hits (though not necessarily directly related
to the start menu optimization) – should I have both these entries?
What do you do on a RDSH server where the users are only transient? I get tons of these Optimize Start Menu tasks for users that may or may not log in anymore. There should be a way from Microsoft to purge these tasks after some time along with stale user
profiles. The same goes for old Font Cache files. I regularly have to delete 20GB of stale font cache files.
Raul for RDS and non-persistent pooled VDI you want to look at
https://www.bing.com/search?q=jeff%20stokes%20vdi%20script for either 7 or 8.
There are so many apps that use the Task Scheduler that it becomes bloated. I don’t WANT Windows updates. I don’t WANT my office suite and many utilities to check for updates every time I boot. I don’t WANT my keyboard, sound card, and printer to check
for spam updates every time I boot. A utility is needed to ride herd on Task Scheduler to prevent unwanted entries from popping up again and again in Task Scheduler.
Out of interest, Optimize Start Menu Cache on a heavy loaded terminal server. There are about 100 tasks. Should these all be enabled?
Hayden,
1st. I’m a lyrical mic murdered. 2nd. I’m going to address your question in the form of a haiku..
Kidding about the 2nd thing. I’m going to do a write up of what that is actually doing ok. So folks can decide if they need to disable. And also understand the ‘wth’ of it all.
Jeff
Be on the look out for that update here:
http://aka.ms/jeffstokes
In Windows 8.1 the Scheduled Tasks list contains hidden tasks to run the built in disk defragmenter at various times, such as when bringing the computer out of sleep in the morning. When the defragmenter is running on a small laptop, it is almost impossible to get work done on the computer. Even clicking a menu may be delayed by many seconds. Certainly, video cannot be played.
There must be some way to turn off automatic defragmentation, or to make it happen at the user’s desired times.
If I had designed Windows, I would have made sure that the message pump could never be dominated by an I/O operation, or by a task that refused to yield their control. At the very least, defragmentation should deliberately yield control several times a second, so it does not hog the computer and make it hang or run very slowly.
My ‘task scheduler’ tries to run 24/7 , when it is running my cpu usage goes
to 99% , I can’t play any games while it runs, I disable in Task mgr, but it restarts 30 to
40 seconds later, ruins everything I try to get done.
oops, forgot , that’s windows 7