Run deligated scheduled task on remote server via PS without admin rights

Welcome Forums General PowerShell Q&A Run deligated scheduled task on remote server via PS without admin rights

This topic contains 5 replies, has 2 voices, and was last updated by

 
Participant
1 year ago.

  • Author
    Posts
  • #83552

    Participant
    Points: 1
    Rank: Member

    Hi,

    I'm trying to allow a non-admin user to run a scheduled task via PS, without giving out more permissions than required.
    So far, i have given the user Read+Execute rights on the task file located in C:\Windows\System32\Tasks. This allowed the user to see and run the task in the GUI and Start-ScheduledTask -TaskName "taskname" locally via RDP. But when i try to do the same PS command via invoke command from a workstation, it fails.

    How can i get this working without delegating unnecessary permissions?

  • #83555
    Jon

    Participant
    Points: 23
    Rank: Member
    • #83558

      Participant
      Points: 1
      Rank: Member

      I forgot to mention that i had added the user to the Remote Management Users group, and testet that Invoke-Command servername {hostname} works.

  • #83561

    Participant
    Points: 1
    Rank: Member

    I have had some progress in my testing. My solution works for me, but i'd like to know why it behaves like this..

    # This works.
    Invoke-Command -ComputerName servername -ScriptBlock {schtasks /run /tn "taskname"}
    
    # This doesn't.
    Invoke-Command -ComputerName servername -ScriptBlock {Start-ScheduledTask -TaskName "taskname"}
    
  • #83563
    Jon

    Participant
    Points: 23
    Rank: Member

    What error message do you get?

    • #83564

      Participant
      Points: 1
      Rank: Member
      Cannot connect to CIM server. Access denied
          + CategoryInfo          : ResourceUnavailable: (PS_ScheduledTask:String) [Start-ScheduledTask], CimJobException
          + FullyQualifiedErrorId : CimJob_BrokenCimSession,Start-ScheduledTask
          + PSComputerName        : servername
      

      Let me add that the user is a part of the "Protected Users" group.

The topic ‘Run deligated scheduled task on remote server via PS without admin rights’ is closed to new replies.