If you run a command like this it works fine to any remote machine
schtasks.exe /query /s SomePC /U MyAccount /P XXXXX
If you try to let it point back to your own machine you get an error-message
ERROR: User credentials are not allowed on the local machine.
BUT this is actually FALSE!!!
You get the same message whether you are pointing by name (with or without domain), a real IP, 127.0.0.1 or “localhost”.
IF you get the crazy idea and add an entry to your
\Windows\System32\Drivers\etc\Host. file, that has your pc’s IP and any name, e.g.
THEN the command works with that IP – but still not with the rest (nor the alias)
schtasks.exe /query /s 18.104.22.168 /U MyAccount /P XXXXX
This trick proves that it is NOT a limitation in the WinRM protocol nor
schtasks.exe, but an erroneous error message, as someone prohibited something that actually technically works just fine… (And is useful with other credentials!)
With the trick I guess the program makes a reverse lookup on the IP, and detect it as not the current pc name, and then proceeds processing the call through WinRM and not locally…
The bug and trick goes for both stand-alone machines and machines in a domain. (Only works for real IP not 127.0.0.1 though)
I stumbled upon it inventorying a range of PC’s with an administrative account, and found I was prohibited from querying the running machine with
schtasks.exe , and in a desperate attempt I tried an alias. Only to detect that did not work either, but then accidentally executed with the IP again before removing the Hosts entry….