Returning info, scheduled task, managed service account

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 1 month, 1 week ago.

  • Author
    Posts
  • #96830

    DBabsJr
    Participant

    I'm having trouble with a script that runs as a scheduled task under a group managed service account. Everything works fine under an account or with a regular account assigned to the task, but when using the system account or a group managed service account I'm having trouble assigning and using values that should be being assigned to a variable.
    The variable is assigned as:
    $WebRequest = Invoke-WebRequest -Uri “some web address" -Credential $credential

    Which returns something like:
    StatusCode : 200
    StatusDescription : OK
    Content : good
    RawContent : HTTP/1.1 200 OK
    Connection: keep-alive
    X-Varnish: 1713844308
    Age: 0

    I'm sending an email with the info, but it is empty if the scheduled task is run under the group managed service account or the local system account. The task runs and the email is sent, but anything I try to use, like ($Webrequest).StatusCode, is empty. If I assign a value to $WebRequest manually before the command is run, I'll get the manually assigned value as if it's never run, but if I use a Uri of a webserver I can see the logs of I see the connection. Other manually assigned values from other variables are available as well. I'm sure there's a reason this doesn't work, but I can't find it and would really like to know. Has anyone seen something like this before? This is on a domain controller if that makes a difference, but the same thing happens on a non-DC.

  • #98853

    Don Jones
    Keymaster

    Those accounts are deliberately pretty limited in what they can do, and the local system account as an example has no authority off-machine. Like, anything it does off-machine will appear as anonymous/unauthenticated. It's likely Invoke-WebRequest is failing for that reason.

You must be logged in to reply to this topic.