Remoting working with normal logon but not scheduled task

Welcome Forums General PowerShell Q&A Remoting working with normal logon but not scheduled task

This topic contains 4 replies, has 2 voices, and was last updated by

 
Participant
3 years, 1 month ago.

  • Author
    Posts
  • #34030

    Participant
    Points: 23
    Rank: Member

    Greetings,
    I have a bit of code that collects event logs from domain controllers:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {

    xcopy 'E:\Maintenance\*.evt' "\\XXXXXXXXX\SecurityLogs$\$env:computername" /y /z
    del 'E:\Maintenance\*.evt'

    }

    When I rdp to the server that has this script and run it manually as a domain administrator then it works fine. On that same server I have created a scheduled task to run this script as a domain administrator account and it fails, presumably with access denied. The scheduled task has the "run with highest privileges" checkbox ticked. Why would running it manually work but not via a scheduled task please?
    Thanks
    David Z

  • #34111

    Participant
    Points: 0
    Rank: Member

    What does you your scheduled task look like? are you trying to call powershell.exe then run the .ps1 file?

    I have seen it work setting execution policy to bypass when running the script

  • #34153

    Participant
    Points: 23
    Rank: Member

    Thanks for that. Yes I am using powershell.exe. I added 'bypass' as you suggested and it worked – sort of. The script ran three times overnight and twice the 'copys' worked and once it didn't. Very strange – but as long as it works sometimes that will do.

    Cheers
    David Z

  • #34334

    Participant
    Points: 23
    Rank: Member

    Now its not working at all. This is really weird. I'm trying to run this:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
    
    $logfile = Get-WmiObject -Class win32_NTEventlogFile  -Filter "logFileName='Security'" 
    $dt = get-date -format "yyyyMMdd-HHmmss"
    $savelog = "E:\Maintenance\$env:computername-Security-$dt.evt"
    $logfile.ClearEventlog($savelog)
    move-item 'E:\Maintenance\*.evt' "\\xxxxx\SecurityLogs$\$env:computername" -force
    }
    

    and its failing on the move-item with:
    "The system detected a possible attempt to compromise security."

  • #34343

    Participant
    Points: 23
    Rank: Member

    I though this might be a credssp thing but it has worked outside of a scheduled task so that cant be it.

The topic ‘Remoting working with normal logon but not scheduled task’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort