In the new version 1.25.0 the hook scripts work under windows. There are still character set errors, e.g. if you output German umlauts in the script, but the scripts run error-free. Therefore, the installation via python is only necessary if you want to use plugins. Otherwise you can use the normal installation file.
Any program started in the hook script must also be terminated, otherwise certbot will wait for the program to exit before continuing its execution. That can't be changed, unfortunately. Way out: you do not start 'certbot renew' directly in the task scheduler, but in a batch file and then start the required programs in this batch file. If you want to make startup dependent on a successful renewal of a certificate, you have to work with environment variables that you can set in a deploy-hook.
-edit
Assignment of rights: After further testing I have to correct my opinion. The desired functionality is already available. Any process running with administrator or system privileges can easily access it. Each user who is to access the certificates is given read rights in the two folders live and archive with the value 'This folder, subfolders and files' for 'Apply To'.