alimbada/Kill App Scheduled Task.xml

## Kill App Scheduled Task.xml
<?xml version="1.0" encoding="UTF-16"?>
<!--
Pre-requisites: (see https://superuser.com/questions/745318/how-to-start-a-program-when-another-one-is-started)
    Start and enter secpol.msc into the Run box
    Navigate to Local Policies/Audit Policy
    Double Click Audit process tracking and enable Success
-->
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2019-09-30T12:39:02.4100122</Date>
    <Author>.\Ammaar.Limbada</Author>
    <URI>\Ammaar.Limbada\Kill dReboot</URI>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Security"&gt;&lt;Select Path="Security"&gt;*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task = 13312 and (band(Keywords,9007199254740992)) and (EventID=4688)]]
   and
     *[EventData[Data[@Name='NewProcessName'] and (Data='C:\Program Files (x86)\LANDesk\LDClient\ldReboot.exe')]]
   &lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-296251794-841242362-538272213-12850</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>taskkill</Command>
      <Arguments>/IM ldReboot.exe /F</Arguments>
    </Exec>
  </Actions>
</Task>
	<?xml version="1.0" encoding="UTF-16"?>
	<!--
	Pre-requisites: (see https://superuser.com/questions/745318/how-to-start-a-program-when-another-one-is-started)
	Start and enter secpol.msc into the Run box
	Navigate to Local Policies/Audit Policy
	Double Click Audit process tracking and enable Success
	-->
	<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
	<RegistrationInfo>
	<Date>2019-09-30T12:39:02.4100122</Date>
	<Author>.\Ammaar.Limbada</Author>
	<URI>\Ammaar.Limbada\Kill dReboot</URI>
	</RegistrationInfo>
	<Triggers>
	<EventTrigger>
	<Enabled>true</Enabled>
	<Subscription><QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task = 13312 and (band(Keywords,9007199254740992)) and (EventID=4688)]]
	and
	*[EventData[Data[@Name='NewProcessName'] and (Data='C:\Program Files (x86)\LANDesk\LDClient\ldReboot.exe')]]
	</Select></Query></QueryList></Subscription>
	</EventTrigger>
	</Triggers>
	<Principals>
	<Principal id="Author">
	<UserId>S-1-5-21-296251794-841242362-538272213-12850</UserId>
	<LogonType>InteractiveToken</LogonType>
	<RunLevel>LeastPrivilege</RunLevel>
	</Principal>
	</Principals>
	<Settings>
	<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
	<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
	<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
	<AllowHardTerminate>true</AllowHardTerminate>
	<StartWhenAvailable>false</StartWhenAvailable>
	<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
	<IdleSettings>
	<StopOnIdleEnd>true</StopOnIdleEnd>
	<RestartOnIdle>false</RestartOnIdle>
	</IdleSettings>
	<AllowStartOnDemand>true</AllowStartOnDemand>
	<Enabled>true</Enabled>
	<Hidden>false</Hidden>
	<RunOnlyIfIdle>false</RunOnlyIfIdle>
	<WakeToRun>false</WakeToRun>
	<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
	<Priority>7</Priority>
	</Settings>
	<Actions Context="Author">
	<Exec>
	<Command>taskkill</Command>
	<Arguments>/IM ldReboot.exe /F</Arguments>
	</Exec>
	</Actions>
	</Task>