Create a group (either server local, or domain global) Example : "RunTasks"
Add any members you want to have the ability to run the task to the group.
Note, creating a domain global group is easier to manage in the long run.
If the non-administrator account is currently logged on, log off and back on
to get the new security descriptor.
Create a temporary folder at c:\ for example: "C:\TempTask"
Run "Xcopy c:\windows\tasks c:\TempTask"
Run "Cacls c:\Windows\Tasks > c:\TaskPerms.txt"
Run "Cacls c:\TempTask /s > c:\Temp\OriginalPermString.Txt (Save this file,
this has the original permissions in it in case you need to return)
Default Perm string for c:\Windows\Tasks =
Edit the permissions on folder c:\TempTask (Add the new group with "Change"
permissions on the folder, subfolder, and files.
Run "Cacls C:\TempTask /s > c:\Temp\NewPerms.txt" (The NewPerms.txt file
will have your new permissions for the Tasks Folder)
Copy the SDDL string from NewPerms.txt (This is everything in the Quotes ""
Command as "cacls c:\windows\tasks /s:"the String from the NewPerms.txt
file" (It may be easier to enter it in Notepad and then copy it as a whole
Run that command to set the permissions on the c:\windows\tasks folder.
Set the permissions on the "Task Scheduler" service
Download Subinacl.exe from Microsoft
Create a command...
SubInAcl /Service Schedule /Grant=RunTasks=F (Replace RunTasks with
domain\username or Domain\Groupname or simply the group name if it's a server
Test the schtasks /Run /TN TaskName command