I'm trying to create a scheduled task that will run once daily on a dedicated machine. The task will run an exe. That exe does a bunch of things, including running automation that manipulates the mouse/kb etc.
Is that possible (on any windows based OS)?
Sure...leave the user that the scheduled task runs as logged in and set the task option to only run when the user is logged in.
I believe you can use schtasks as well: http://msdn.microsoft.com/en-us/library/windows/desktop/bb736357%28v=vs.85%29.aspx using the /IT parameter but again I think it only works if the actual user is logged in that the task runs as.
Other than that, you can use FireDaemon to have an interactive session run a task as a service.
Yes, it's pretty counter-intuitive. If you select "run whether user is logged on or not" It's going to ask for the password of the user whose account you're using.
But if you select "Run only when user is logged on" It won't ask you for the user's password.
There is a principal that could achieve this (USERS) click on change user and type (USERS), see below
If you actually export this task with the USERS Principal to its RAW XML output using command line you will see the following
S-1-5-32-545The Group ID is the secret sauce here and is what determines the security context under which the task will run
There are other principals that use well known SIDs as well (SYSTEM and INTERACTIVE)
I would recommend for good understanding of SIDs in Windows to read https://docs.microsoft.com/en-US/windows/security/identity-protection/access-control/security-identifiers
and then a good understanding of interfacing with Task Scheduler using Command line and Custom XML files in addition to the GUI
https://www.scriptjunkie.us/2013/01/running-code-from-a-non-elevated-account-at-any-time/