I am trying to do the UAC bypass bug with task scheduler, only instead of using the GUI tool, I am trying to do it with schtasks.exe (the equivalent command-line tool). I managed to do the same more or less, except for the most important part - the "run with highest privileges".
The task scheduler bug making this all possible - http://www.petri.co.il/bypass-uac-using-desktop-shortcut.htm
This is the command I tried:
schtasks /create /tn name /tr notepad.exe /sc once /st 00:01 /RL highest
When I add /RL highest, it says ERROR: Access is denied
. This doesn't happen when I use the task scheduler.
You cannot create a task that runs elevated unless you are elevated yourself.
In other words, you need to run schtasks elevated.
The reason this works from Task Scheduler is that running Task Scheduler automatically prompts you for elevation (while schtasks does not, as is normal for command-line tools).
(I wouldn't say it's a bug that Task Scheduler allows tasks to run elevated, either. As you have found out, it does not provide a way for unelevated code to become elevated.)