Reviewing the Windows Scheduler with TaskSchedulerView from Nir Sofer

In Windows XP the Task Scheduler was easy to deal with. Anyone could look at it (Control Panel -> Scheduled Tasks) and easily understand which tasks were scheduled and when they ran.

[Image: windows.xp.scheduled.tasks]

Windows 7 introduced a new, convoluted interface (taskschd.msc) that I found terribly confusing. Perhaps, given enough time and research, I might have figured out how to interpret the new hieroglyphic interface, but I never bothered. Since Windows 7 was introduced, the task scheduler and I have not been on speaking terms.

That just changed.

The recently introduced TaskSchedulerView program by Nir Sofer offers a dead simple interface to the task scheduler.

Mr. Sofer and Mark Russinovich are two of the most important people producing Windows software. Their excellent, and free, software fills in many of the holes that Microsoft leaves in their operating systems. And understanding the Task Scheduler has been a hole, for me, since 2009.

TaskSchedulerView offers a familiar table format. There is so much data about each scheduled task that a screen shot, such as the one below, can't do it justice.

[Image: taskschedulerview.v1.0]


For every task in the system, TaskSchedulerView displays:

  • Task Name 
  • Task Status (Ready, Disabled, Queued or Running)
  • Task Description (if available)
  • The author and source of the task (when available)
  • Status (enabled or disabled)
  • The date/time when it last ran
  • The date/time when it is next scheduled to run
  • Task Folder*
  • If the task runs an EXE file, the name and path to the file
  • The COM handler for the task
  • The number of missed runs
  • Triggers, which are the scheduling rules for the task (run daily, weekly, monthly, run at boot, run at logon, run when an event happens)
  • and more...


The list of scheduled tasks can be quite long. Fortunately you can sort the table on any column. For example, it might be useful to see the tasks sorted by the date/time of the next scheduled run. Or, sorted by author. Or, sorted such that those that run automatically at system startup are grouped together.

Note that scheduling a program to run at startup time is only one of many ways to have Windows automatically run a program. For a full accounting of programs that run at startup, see Mark Russinovich's excellent Autoruns program.

You can also re-arrange the columns by simply dragging and dropping them. With so much data to review, I found this invaluable. 

Or, you can double-click on a task to see all its data in the format shown below. 

[Image: taskschedview.onetask]

Another way to deal with the large amount of provided information is to hide disabled tasks by clicking Options on the menu bar, then "Hide Disabled Tasks." This becomes more important as you disable tasks you don't want running.

Despite its name, TaskSchedulerView can easily enable and disable tasks, simply by right-clicking on them. After reviewing a couple of Windows 7 systems, I had disabled a number of tasks on each machine (more below).

TaskSchedulerView comes in both 32- and 64-bit editions. It is supported on Windows Vista, 7, 8 and the just-released Windows 10. Like all the programs released by Mr. Sofer, TaskSchedulerView is free and has no ads. It is also portable: just download a zip file, unpack it and run TaskSchedulerView.exe.

Using TaskSchedulerView I felt a bit like the proverbial kid in the candy store. There's just so much to see :-)

EXAMINING WINDOWS 7

The first Windows 7 system that I examined with TaskSchedulerView had 71 scheduled tasks (shown on the far left of the status bar) which seems to be about average for the systems I reviewed. 

A task called UsbCeip (Customer Experience Improvement Program) caught my eye. It runs every 3 days and, according to the description, it

... collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft. The information received is used to help improve the reliability, stability, and overall functionality of USB in Windows. If the user has not consented to participate in Windows CEIP, this task does not do anything.

I disabled it.

Another task, called KernelCeipTask, has this description:

The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft. If the user has not consented to participate in Windows CEIP, this task does nothing.

I disabled it too.

I'm sure I would never have agreed to participate in the Windows Customer Experience Improvement Program, but I'm hard pressed to remember ever being asked. 

Out of curiosity, I did a Windows 7 start menu search for "customer experience" and found the window shown below. Despite opting out, the KernelCeipTask was running every Thursday. Microsoft says it will do nothing, but I prefer that it doesn't run at all.

[Image: windows7.ceip]

Also part of the CEIP is a task called Consolidator that runs program wsqmcons.exe in the C:\Windows\System32\ folder. This task too "collects and sends usage data to Microsoft." Not any more. 

The source for the Consolidator task was "Windows Customer Experience Improvement Program", so, to be sure that I had tracked down all these tasks, I sorted the table on the Source column. It was the only task with that Source, but sorting pointed up that there were four tasks with a source of "Microsoft Windows SideShow services". I'm pretty sure that I don't use SideShow services. Three of the tasks (SystemDataProviders, SessionAgent and AutoWake) were disabled, so I disabled the last one, GadgetManager.

Yet another task, GatherNetworkInfo, collects information, though it is not clear why. The description is "Network information collector" and the source is "Microsoft Windows Network Trace". It runs script gatherNetworkInfo.vbs in the C:\Windows\system32 folder. I have seen it before on many Windows 7 machines, thanks to Autoruns, and can attest that the world won't end if it's disabled.

The SR task makes Restore Points (a.k.a. system protection points or checkpoints). For years, I wondered how often it ran, and now I know. It runs both daily and at boot time.

The laptop I use daily boots once a month; mostly it is suspended between uses. Despite the SR task being scheduled to run daily, TaskSchedulerView showed that it missed 6 runs. Maybe this explains why Windows 7 is so poor at making regular checkpoints, something that XP did quite reliably.

On another Windows 7 machine, the SR task was also scheduled to run both at boot time and daily. Yet, the machine had not one scheduled Restore Point.

Another interesting task is called RegIdleBackup. According to its description it is the "Registry Idle Backup Task" and it runs regidle.dll every 10 days. It is interesting for two reasons.

First, why does it exist at all, since the registry is backed up by System Restore? Second, if a Windows 7 machine will not boot, or gets infected with malware, you may be able to boot the machine using a non-infected system (perhaps a Live Linux CD or Windows PE) and copy the backup registry. Assuming the bad guys have not read this article. Look for the backup in C:\Windows\System32\config\RegBack.

On a laptop that shipped with an SSD, I found that the ScheduledDefrag task runs every day. According to its description, "This task defragments the computers hard disk drives." It runs program defrag.exe in the Windows\system32 folder. When the machine was new, I verified that scheduled defrags were disabled, as they should be for SSDs, and they still are as shown below.

[Image: win7.defrag.scheduled.off]


Yet, the defrag task is still scheduled to run every Wednesday at 1AM. I disabled it.

If you do not use the off-line files feature of Windows 7, you can disable the Logon Synchronization task that runs at logon time.

Not to imply that all scheduled tasks are bad, I was glad to run across IpAddressConflict1 and IpAddressConflict2, which are triggered when an IP address conflict is detected.

Perhaps, with some research, you may be able to disable the thirteen tasks whose description starts with "Privileged Media Center". Although their status was "Ready", none of them had actually run.

Finally, a note about seeing all the scheduled tasks.

According to the documentation:

After running TaskSchedulerView, the main window displays the details of most tasks from the Task Scheduler of Windows. However, some of the tasks cannot be accessed without full administrator privileges. In order to view all tasks, you can easily run TaskSchedulerView as Administrator by pressing Ctrl+F11.

To be clear, even if you are logged on to Windows as an Administrator, you will still need to press Control+F11 before TaskSchedulerView can display every scheduled task. This super Administrator mode is also required to disable any tasks. If you forget, the program reminds you (see below). It does not, however, remind you that without Control+F11 you are not seeing the entire database. 

[Image: taskschedview.adminmode]

Two other Customer Experience Improvement Program tasks become visible in Administrator mode, ProgramDataUpdater and AitAgent. The first "Collects program telemetry information" while the latter "Aggregates and uploads Application Telemetry information". Both tasks are scheduled to run daily, and I found that they had been running. 

While playing with TaskSchedulerView, I was also setting up a new 64-bit Windows 7 system for someone moving off XP. This person likes to play Bridge, so I tried to install an old program called EZBridge. The program failed to install even in compatibility mode. According to Autoruns, the failed installation left behind two scheduled tasks. However, when I tried to delete them, Autoruns crashed.

So, I tried TaskSchedulerView. It found four tasks related to EZBridge. Two were running EZBridge itself, and two were running pcalua.exe. I disabled all four.

As far as I could tell, Microsoft does not document the purpose of scheduled tasks other than the single "description" field which isn't much to go on. Thus, it's best to be cautious when making changes to the scheduler database.

That said, a review of the database is probably time well spent, not just for the education, but in case it turns up some hidden malware.

TaskSchedulerView is a great little program. Thank you, Nir Sofer.

-----

*The task scheduler database, in Windows 7, is stored in C:\Windows\System32\Tasks. There are many sub-folders in the Tasks folder, and the Folder field that TaskSchedulerView displays refers to the sub-folder within the Tasks folder where this particular task is defined. You see the same thing in the folder tree when using the normal Windows 7 scheduler interface.
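
The files in that Tasks folder are XML task definitions, so the same review can be scripted, including against a disk mounted from a Live CD. The following is an added example, not part of the original article or of TaskSchedulerView: it pulls the source, author, enabled flag, command, COM handler and trigger types from each file and lists enabled tasks sorted by Source. The sample definition, the function names and the output layout are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample definition, not copied from a real system.
SAMPLE = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Source>Example Telemetry Program</Source><Author>Example Corp</Author></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2015-01-01T01:00:00</StartBoundary></CalendarTrigger><BootTrigger/></Triggers>
  <Settings><Enabled>true</Enabled></Settings>
  <Actions><Exec><Command>%windir%\\system32\\example.exe</Command><Arguments>/upload</Arguments></Exec></Actions>
</Task>"""

def parse_task(xml_data, folder="\\", name=""):
    """Extract the fields worth reviewing from one task definition (bytes or str)."""
    root = ET.fromstring(xml_data)
    def text(node, path):
        return (node.findtext(path, "", NS) or "").strip()
    triggers = root.find("t:Triggers", NS)
    return {
        "folder": folder, "name": name,
        "author": text(root, "t:RegistrationInfo/t:Author"),
        "source": text(root, "t:RegistrationInfo/t:Source"),
        # <Enabled> is optional; a definition without it is enabled.
        "enabled": text(root, "t:Settings/t:Enabled").lower() != "false",
        "commands": [(text(e, "t:Command") + " " + text(e, "t:Arguments")).strip()
                     for e in root.findall("t:Actions/t:Exec", NS)],
        "com_handlers": [text(c, "t:ClassId") for c in root.findall("t:Actions/t:ComHandler", NS)],
        "triggers": [el.tag.split("}")[-1] for el in triggers] if triggers is not None else [],
    }

def load_tasks(tasks_dir):
    """Parse every file under a Tasks folder (live system or a mounted offline disk)."""
    base, tasks = Path(tasks_dir), []
    for f in sorted(p for p in base.rglob("*") if p.is_file()):
        rel = f.relative_to(base)
        try:  # task files are normally UTF-16; the parser honours the BOM/declaration
            tasks.append(parse_task(f.read_bytes(), "\\" + "\\".join(rel.parts[:-1]), f.name))
        except (ET.ParseError, OSError) as exc:
            print(f"skipped {rel}: {exc}", file=sys.stderr)
    return tasks

def enabled_by_source(tasks):
    """Enabled tasks sorted by Source, then name, to group related tasks together."""
    return sorted((t for t in tasks if t["enabled"]),
                  key=lambda t: (t["source"].lower(), t["name"].lower()))

if __name__ == "__main__":
    found = load_tasks(sys.argv[1]) if len(sys.argv) > 1 else [parse_task(SAMPLE, name="Sample")]
    for t in enabled_by_source(found):
        what = t["commands"] + t["com_handlers"]
        print(f'{t["source"] or "(no source)"} | {t["folder"]} | {t["name"]} | {what} | {t["triggers"]}')
```

Pass the path to a Tasks folder as the only argument; on a live system the folder is readable only from an elevated prompt. With no argument the script prints the constructed sample.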

Copyright © 2015 IDG Communications, Inc.
