# Get-ScheduledTask

# List scheduled tasks

...specifically that exclude Microsoft or OneDrive in the name, and also shows tasks that are not disabled:

Get-ScheduledTask | Where-Object {
    $_.TaskPath -notlike "\Microsoft*" -and
    $_.TaskName -notmatch "OneDrive" -and
    $_.State -ne 'Disabled'
} | ForEach-Object {
    $info = $_ | Get-ScheduledTaskInfo
    $definition = $_.Actions | Select-Object -ExpandProperty Execute
    [PSCustomObject]@{
        TaskName = $_.TaskName
        TaskPath = $_.TaskPath
        State    = $_.State
        RunAs    = $_.Principal.UserId
        Action   = $definition
        LastRun  = $info.LastRunTime
    }
} | Format-Table -AutoSize

# List specific task info

# Get the task basic information

Get-ScheduledTask -TaskName "SampleTask"

# Get details on a specific task name (to understand what it runs/does)

(Get-ScheduledTask -TaskName "NameOfTask").Actions | Format-List *

# Show the detailed info (runtime state, last run, etc.)

Get-ScheduledTaskInfo -TaskName "SampleTask"

# Dump everything (properties + nested objects)

Get-ScheduledTask -TaskName "SampleTask" | Format-List *

# Export a task XML for analysis

Export-ScheduledTask -TaskName "NameOfTask" -TaskPath "\" > "C:\users\public\nameoftask.xml"

# Stealing tickets with scheduled tasks

While not directly related to Get-ScheduledTask, I wanted to mention that the brilliant CCob gave me an idea (source: BloodHoundGang) for stealing tickets with a scheduled task sent to run klist.