3.2.5.1.1 Task Registration Security Checks
When adding a task to the task store, the server SHOULD check the following security permissions using any implementation-specific method<48> and MUST return ERROR_ACCESS_DENIED if the task is not allowed: <49>
| Scheduling user | Task running in the context of: | Noninteractive tasks: credentials stored centrally with Service For User | Noninteractive tasks: credentials stored locally | Interactive tasks: running as logged-on user |
|---|---|---|---|---|
| Admin | Self | No password required | Password required | No password required |
| Admin | Other user | Password required | Password required | No password required |
| Admin | Group | Not allowed | Not allowed | No password required |
| Admin | System | No password required | No password required | No password required |
| Non-Admin | Self | No password required | Password required | No password required |
| Non-Admin | Other user | Password required | Password required | Password required |
| Non-Admin | Group | Not allowed | Not allowed | Not allowed |
| Non-Admin | System | Not allowed | Not allowed | Not allowed |
When adding a task to the task store with a logon or session change trigger, the server SHOULD check the following matrix and MUST return E_ACCESSDENIED<50> if the task is not allowed:
| Who is the task registering entity? | Specified in the trigger: same as registering entity | Specified in the trigger: different from registering entity | Specified in the trigger: nothing |
|---|---|---|---|
| Admin | Allowed | Allowed | Allowed |
| Non-admin | Allowed | Not allowed | Not allowed |
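
The two matrices above can be evaluated together as one registration check. The following is an added example, not code from the specification or from any Task Scheduler implementation. The `Registration` shape, the `"s4u"`/`"local"`/`"interactive"` mode names and the `group:` prefix are hypothetical. It also assumes that a missing required password counts as "not allowed", that the credential matrix is checked before the trigger matrix, and that password validation happens elsewhere.

```python
from dataclasses import dataclass
from typing import Optional

S_OK = 0x00000000
ERROR_ACCESS_DENIED = 0x00000005  # Win32 error code
E_ACCESSDENIED = 0x80070005       # HRESULT

NO_PW, PW, DENY = "no password required", "password required", "not allowed"
# (registrant is admin, run-as context) -> rule per credential mode (first matrix)
CREDENTIAL_RULES = {
    (True, "self"):    {"s4u": NO_PW, "local": PW,    "interactive": NO_PW},
    (True, "other"):   {"s4u": PW,    "local": PW,    "interactive": NO_PW},
    (True, "group"):   {"s4u": DENY,  "local": DENY,  "interactive": NO_PW},
    (True, "system"):  {"s4u": NO_PW, "local": NO_PW, "interactive": NO_PW},
    (False, "self"):   {"s4u": NO_PW, "local": PW,    "interactive": NO_PW},
    (False, "other"):  {"s4u": PW,    "local": PW,    "interactive": PW},
    (False, "group"):  {"s4u": DENY,  "local": DENY,  "interactive": DENY},
    (False, "system"): {"s4u": DENY,  "local": DENY,  "interactive": DENY},
}

@dataclass
class Registration:  # hypothetical request shape, not a protocol structure
    registrant: str
    is_admin: bool
    run_as: str                         # account name, "SYSTEM" or "group:<name>"
    mode: str                           # "s4u", "local" or "interactive"
    password_supplied: bool = False
    has_session_trigger: bool = False   # logon or session change trigger present
    trigger_user: Optional[str] = None  # None = trigger specifies nothing

def run_as_context(reg: Registration) -> str:
    """Map the run-as principal onto the matrix row: self/other/group/system."""
    if reg.run_as.upper() == "SYSTEM":
        return "system"
    if reg.run_as.startswith("group:"):
        return "group"
    return "self" if reg.run_as.lower() == reg.registrant.lower() else "other"

def check_registration(reg: Registration) -> int:
    rule = CREDENTIAL_RULES[(reg.is_admin, run_as_context(reg))][reg.mode]
    # Assumption: a required but missing password is treated as "not allowed".
    if rule == DENY or (rule == PW and not reg.password_supplied):
        return ERROR_ACCESS_DENIED
    # Second matrix: a non-admin may only name itself in the trigger.
    if reg.has_session_trigger and not reg.is_admin:
        named = reg.trigger_user
        if named is None or named.lower() != reg.registrant.lower():
            return E_ACCESSDENIED
    return S_OK
```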