# Task Trigger A Trigger adds automation to the Scheduled Task. While I have a Scheduled Task that allows a Standard User to change their Execution Policy, the User may forget to change things back. There are many types of Triggers that can be set, and I suggest reading about them from Microsoft {% embed url="" %} In my case, I want to set the Execution Policy back to Restricted as soon as the computer is rebooted, so I will add a Trigger to set things back to Restricted the next time the Computer is restarted. Its easy enough to Splat the setting and add it to the Task using **`New-ScheduledTaskTrigger`** ``` $Trigger = @{ AtStartup = $true } $ScheduledTask = @{ Action = New-ScheduledTaskAction @Action Principal = New-ScheduledTaskPrincipal @Principal Settings = New-ScheduledTaskSettingsSet @Settings Trigger = New-ScheduledTaskTrigger @Trigger Description = $Description } ``` ## Full Script Here is a copy of the full script. I have modified the Description a bit and added a Version ``` #Requires -RunAsAdministrator $TaskName = 'Set-ExecutionPolicy Restricted AtStartup' $TaskPath = '\Corporate\PowerShell' $Description = @" Version 21.1.18 Set-ExecutionPolicy Restricted -Force Runs as SYSTEM at system startup and does not display any progress or results "@ $Action = @{ Execute = 'powershell.exe' Argument = 'Set-ExecutionPolicy Restricted -Force' } $Principal = @{ UserId = 'SYSTEM' RunLevel = 'Highest' } $Settings = @{ AllowStartIfOnBatteries = $true Compatibility = 'Win8' MultipleInstances = 'Parallel' ExecutionTimeLimit = (New-TimeSpan -Minutes 60) } $Trigger = @{ AtStartup = $true } $ScheduledTask = @{ Action = New-ScheduledTaskAction @Action Principal = New-ScheduledTaskPrincipal @Principal Settings = New-ScheduledTaskSettingsSet @Settings Trigger = New-ScheduledTaskTrigger @Trigger Description = $Description } New-ScheduledTask @ScheduledTask | Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Force $Scheduler = New-Object -ComObject "Schedule.Service" $Scheduler.Connect() $GetTask = $Scheduler.GetFolder($TaskPath).GetTask($TaskName) $GetSecurityDescriptor = $GetTask.GetSecurityDescriptor(0xF) if ($GetSecurityDescriptor -notmatch 'A;;0x1200a9;;;AU') { $GetSecurityDescriptor = $GetSecurityDescriptor + '(A;;GRGX;;;AU)' $GetTask.SetSecurityDescriptor($GetSecurityDescriptor, 0) } ``` ## Task Scheduler Everything looks great. Now when the computer is restarted, the Execution Policy will always be set to Restricted ![](/files/-MRJHVa4spuW3L9Ba8Bw) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.osdeploy.com/archive/blog/2021/scheduled-tasks/task-trigger.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.