I was trying to extract the list of scheduled tasks in a number of remote computers, and found this schtasks.exe
. I put this inside a powershell script and run against a list of servers, and almost 80% of the servers returned the results. This was the command I used.
$Output = & schtasks.exe /query /v /s $Server /fo csv 2>&1
I am wondering which port it used to connect to the remote computer and extracted the data, because this is a very controlled environment with non standard ports are not open. I also need to find out why the 20% of servers failed, perhaps some port is not open there ? I understand from here that powershell remote uses TCP/5985 = HTTP and TCP/5986 = HTTPS, but from what i checked, these ports are not open.
Best Answer
Using
procmon
fromsysinternals
shows thatschtasks
uses theepmap
port.epmap
is port 135 (Endpoint Mapper). After that, the conversation seems to continue on a newly created connection at port49154
. Repeating the excercise always uses port49154
so I assume thatschtasks
needs port135
and49154
to be able to get a response from a remote server.Edit cudo's to Barry
schtasks.exe definitely connects via port 135, then uses a dynamic port ranging from 49152 to 65535, source docs.microsoft.com/en-us/troubleshoot/windows-server/networking/…. What I've observed is that it will consistently use one port for a while, and then for reasons that I haven't discovered it will start using another port