How to check Remote Scheduled Task and SMB connection from Hunt controller to targeted host

ALERT  LEGACY ARTICLE: The content in this article is no longer updated and is available for reference purposes only. Features and workflows described may be deprecated, significantly changed, or no longer supported.

Environment

  • Datto EDR

Description

Applicable to all Datto EDR versions

To test whether you can use remote scheduled tasks to send the survey to a targeted host from the Hunt Server or Hunt Controller machine

On the Hunt Server or the machine hosting the Datto EDR Controller, open PowerShell as an administrator and run the following command, where <computer IP or hostname> is the targeted endpoint:

schtasks /Query /S <computer IP or hostname> /U <domain\username> /P <password>

If you get a list of tasks from the target host, then remote scheduled tasks are working.

To test if Datto EDR Hunt can create a task

Run the following command where <computer IP or hostname> is the targeted endpoint.

schtasks /Create /S <computer IP or hostname> /U <domain\username> /P <password> /SC HOURLY /TN doc /TR notepad

This will create a task that opens Notepad every hour. If successful, you will receive this response:

SUCCESS: The scheduled task "doc" has successfully been created

To remove that task, run this command:

schtasks /Delete /S <computer IP or hostname> /U <domain\username> /P <password> /TN doc

If the command is accepted, you will be asked to confirm:

WARNING: Are you sure you want to remove the task "doc" (Y/N)?

Type "y" and hit enter, and you will receive this response:

SUCCESS: The scheduled task "doc" was successfully deleted.

For more information on Remote Scheduled Tasks, see Microsoft's documentation on schtasks commands (external link).

Checking file sharing over SMB

Now that we know we can communicate with a target host using remote scheduled tasks, we need to check if we can do file sharing over SMB. This test validates that we will be able to transfer our survey for execution through remote scheduled tasks.

To test this, we can use the following PowerShell command:

New-SmbMapping -LocalPath Z: -RemotePath \\<ip address or hostname>\C$ -UserName <username> -Password <password>

If successful, you should see this response:

Status Local Path Remote Path
------ ---------- -----------
OK     Z:         \\<ip address>\C$

If unsuccessful, a response of "The network path was not found" is common. This means that the Hunt server and the target host cannot do file sharing over SMB.

To remove the SMB connection, run this command:

Remove-SmbMapping -LocalPath Z:

It will ask you to confirm. Type "y" and press enter.

The SMB mapping will be deleted from your system.

For more information on using PowerShell to manage SMB connections, see Microsoft's article on New-SmbMapping (external link).

If we can connect from the Hunt server to the target host using SMB, we will be able to use remote scheduled tasks to drop the survey binary and run it on the target host.
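
The checks above can be run in one pass. The following is an added example, not part of the original article or of Datto EDR: the function name Test-HuntConnectivity, its parameters and the random task-name suffix are hypothetical. It prompts for the credential instead of typing the password into the command, adds a TCP 445 reachability check, and always removes the test task and the drive mapping.

```powershell
function Test-HuntConnectivity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Target,            # IP or hostname of the endpoint
        [Parameter(Mandatory)][pscredential]$Credential,  # domain\username and password
        [string]$DriveLetter = 'Z:',
        # Random suffix so the test never collides with (or deletes) an existing task.
        [string]$TaskName = "doc-$([guid]::NewGuid().ToString('N').Substring(0,8))"
    )
    $user = $Credential.UserName
    # schtasks.exe takes the password as an argument, so it is still visible on that
    # process's command line, as with the article's commands. Get-Credential only
    # keeps it out of the typed command history.
    $pass = $Credential.GetNetworkCredential().Password
    $result = [ordered]@{ Target = $Target; Tcp445 = $false; TaskQuery = $false
                          TaskCreate = $false; TaskDelete = $false; SmbMapping = $false }

    # SMB runs over TCP 445; a blocked port is one cause of "The network path was not found".
    $result.Tcp445 = Test-NetConnection -ComputerName $Target -Port 445 `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    schtasks /Query /S $Target /U $user /P $pass 2>&1 | Out-Null
    $result.TaskQuery = ($LASTEXITCODE -eq 0)

    if ($result.TaskQuery) {
        schtasks /Create /S $Target /U $user /P $pass /SC HOURLY /TN $TaskName /TR notepad 2>&1 | Out-Null
        $result.TaskCreate = ($LASTEXITCODE -eq 0)
        if ($result.TaskCreate) {
            # /F answers the (Y/N) prompt so the test task never outlives the check.
            schtasks /Delete /S $Target /U $user /P $pass /TN $TaskName /F 2>&1 | Out-Null
            $result.TaskDelete = ($LASTEXITCODE -eq 0)
        }
    }

    try {
        New-SmbMapping -LocalPath $DriveLetter -RemotePath "\\$Target\C`$" `
            -UserName $user -Password $pass -ErrorAction Stop | Out-Null
        $result.SmbMapping = $true
    } catch {
        Write-Warning "SMB mapping failed: $($_.Exception.Message)"
    } finally {
        # Remove the mapping only if this run created it; -Force skips the confirmation.
        if ($result.SmbMapping) { Remove-SmbMapping -LocalPath $DriveLetter -Force }
    }
    [pscustomobject]$result
}

Test-HuntConnectivity -Target '<computer IP or hostname>' -Credential (Get-Credential)
```

A row where TaskCreate is True but TaskDelete is False means the test task is still on the endpoint and should be removed manually.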