So, the first location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree where the main list of tasks is stored. The SD key is the security descriptor for that task in binary format. Each task has an Id key that references the same key inside HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks and there you can see the security descriptor in SDDL format. If I were to modify both those locations, could I get management permission to disable tasks like Microsoft\Windows\UpdateOrchestrator\Schedule Retry Scan or Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck? Or are there more places to check? Should I worry too about the content inside the files on c:\Windows\System32\Tasks\? Thanks in advance. BTW: I don't want to brute-force through this with RunAsTI, Nsudo or similar tools. Just an administrator account or common user with elevated permission.