invokethreatguy/privtasks.ps1

## privtasks.ps1
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-Not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
  Write-Warning "We don't have elevated privileges. The following results may not be complete."
}
schtasks /query /fo csv -v | ConvertFrom-Csv | ? {$_.Status -notlike "Disabled" -and $_.TaskName -notlike "\Microsoft\Windows\*" -and $_.TaskName -notlike "\Microsoft\Office\*" -and $_.TaskName -notlike "\Microsoft\XblGameSave\*" -and $_.TaskName -notlike "TaskName" -and ($_."Run As User" -like "*system" -or  $_."Run As User" -like "Administrator*")} | fl taskname,"Comment","Task To Run","Run As User"
	$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
	if (-Not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
	Write-Warning "We don't have elevated privileges. The following results may not be complete."
	}
	schtasks /query /fo csv -v \| ConvertFrom-Csv \| ? {$_.Status -notlike "Disabled" -and $_.TaskName -notlike "\Microsoft\Windows\" -and $_.TaskName -notlike "\Microsoft\Office\" -and $_.TaskName -notlike "\Microsoft\XblGameSave\" -and $_.TaskName -notlike "TaskName" -and ($_."Run As User" -like "system" -or $_."Run As User" -like "Administrator*")} \| fl taskname,"Comment","Task To Run","Run As User"