Remoting working with normal logon but not scheduled task

This topic contains 4 replies, has 2 voices, and was last updated by David Zemdegs 10 months, 2 weeks ago.

  • #34030
    David Zemdegs
    Participant

    Greetings,
    I have a bit of code that collects event logs from domain controllers:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {

    xcopy 'E:\Maintenance\*.evt' "\\XXXXXXXXX\SecurityLogs$\$env:computername" /y /z
    del 'E:\Maintenance\*.evt'

    }

    When I RDP to the server that has this script and run it manually as a domain administrator, then it works fine. On that same server I have created a scheduled task to run this script as a domain administrator account and it fails, presumably with access denied. The scheduled task has the "run with highest privileges" checkbox ticked. Why would running it manually work but not via a scheduled task please?
    Thanks
    David Z

  • #34111
    Stuart Fleck
    Participant

    What does your scheduled task look like? Are you trying to call powershell.exe then run the .ps1 file?

    I have seen it work setting execution policy to bypass when running the script.

  • #34153
    David Zemdegs
    Participant

    Thanks for that. Yes, I am using powershell.exe. I added 'bypass' as you suggested and it worked – sort of. The script ran three times overnight and twice the 'copies' worked and once it didn't. Very strange – but as long as it works sometimes that will do.

    Cheers
    David Z

  • #34334
    David Zemdegs
    Participant

    Now it's not working at all. This is really weird. I'm trying to run this:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
    
    $logfile = Get-WmiObject -Class win32_NTEventlogFile  -Filter "logFileName='Security'" 
    $dt = get-date -format "yyyyMMdd-HHmmss"
    $savelog = "E:\Maintenance\$env:computername-Security-$dt.evt"
    $logfile.ClearEventlog($savelog)
    move-item 'E:\Maintenance\*.evt' "\\xxxxx\SecurityLogs$\$env:computername" -force
    }
    

    and it's failing on the move-item with:
    "The system detected a possible attempt to compromise security."

  • #34343
    David Zemdegs
    Participant

    I thought this might be a CredSSP thing, but it has worked outside of a scheduled task so that can't be it.
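
The step that fails in the posts above is the move from inside the remote session to a UNC share, which requires each domain controller's session to authenticate onward to a third machine. As an added example (not code from the thread or from any poster), this variant has the collecting server pull each archive back over the remoting session it already holds, so the remote side never touches the share. It assumes PowerShell 5.0 or later for `Copy-Item -FromSession`, and `D:\SecurityLogs` is a hypothetical local folder.

```powershell
# Added example, not code from the thread. Run on the collecting server.
# Assumptions: PowerShell 5.0+ (for Copy-Item -FromSession), the ActiveDirectory
# module, and a hypothetical local destination folder D:\SecurityLogs.
$destRoot = 'D:\SecurityLogs'
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name

foreach ($dc in $dcs) {
    $session = $null
    try {
        $session = New-PSSession -ComputerName $dc -ErrorAction Stop

        # Archive and clear the Security log on the DC; return the archive path.
        $archive = Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            $dt   = Get-Date -Format 'yyyyMMdd-HHmmss'
            $path = "E:\Maintenance\$env:COMPUTERNAME-Security-$dt.evt"
            $log  = Get-WmiObject -Class Win32_NTEventlogFile -Filter "LogFileName='Security'"
            $result = $log.ClearEventlog($path)
            if ($result.ReturnValue -ne 0) {
                throw "ClearEventlog returned $($result.ReturnValue)"
            }
            $path
        }

        $dest = Join-Path $destRoot $dc
        New-Item -ItemType Directory -Path $dest -Force | Out-Null

        # Pull the archive over the existing session instead of pushing to a share.
        Copy-Item -FromSession $session -Path $archive -Destination $dest -ErrorAction Stop

        # Delete the remote archive only after the local copy is confirmed.
        $local = Join-Path $dest (Split-Path $archive -Leaf)
        if (Test-Path $local) {
            Invoke-Command -Session $session -ScriptBlock {
                Remove-Item -Path $using:archive
            }
        }
    }
    catch {
        # Log per-DC failures so one unreachable controller does not stop the run.
        Write-Warning "Collection from $dc failed: $($_.Exception.Message)"
    }
    finally {
        if ($session) { Remove-PSSession $session }
    }
}
```

Because the remote archive is removed only after the local copy exists, a failed transfer leaves the cleared log's archive on the domain controller for the next run.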
