by lfarnsworth at 2013-01-28 08:20:38
I have a script to check for GPOs that are not linked to any OUs. I'm trying to run the script as a scheduled task using a lower privileged account. The script runs, but it does not find any GPOs, which I know exist. If I log into the server that the script runs on with the lower privileged account and run the script from the PS prompt, it finds the unlinked GPOs. If I run the scheduled task using my domain admin account, it finds the unlinked GPOs. It is only when I run the scheduled task with the lower privileged account that it does not find the unlinked GPOs.
Does anyone have any ideas what is going on?
by DonJ at 2013-01-28 12:37:52
It's possible that the lower-permissioned account doesn't have the privileges needed to be used by Task Scheduler.
by JonBryce at 2013-01-29 15:08:35
Don's almost certainly right – but I do this sort of thing too, and have scheduled tasks that start a BAT file, which in turn runs a PowerShell script. The trap I've fallen into with this is when I forget to get the directory right in the BAT file before starting PowerShell.exe to run the script.
If it works from the PowerShell prompt, but not from the Task Scheduler, then the directory (as well as the user privileges) is also an environment thing to worry about.
by lfarnsworth at 2013-01-30 09:27:33
I also have the scheduled task start a BAT file, which runs the PS script. I've checked the directory in the BAT file and it is correct. Actually, when I log in with the lower privileged account, I run the BAT file instead of running the PS script directly. The account has the permissions to the directory. What additional privileges would be required by the Task Scheduler that would not be required while logged in? I'm running the task with highest privileges.
by DonJ at 2013-01-30 09:35:33
"Permissions" aren't the same as "privileges." For example, "Log in interactively" is a privilege all user accounts typically have; "Log in as a service" is not. I'm not sure what privilege Task Scheduler is trying to exert, but it can make a difference. This has nothing to do with permissions, a la NTFS permissions to a directory.
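A diagnostic for the situation discussed in this thread, added here as an example and not posted by any participant: it logs the identity, token privileges, group memberships, working directory and GPO count seen by the process, so a run from the scheduled task can be compared with an interactive run under the same account. The log directory and the function name `Write-RunContext` are assumptions, and the GPO query assumes the GroupPolicy module is installed on the server.

```powershell
# Added example, not from the thread. Run it once from an interactive prompt and
# once from the scheduled task (same account, same BAT wrapper), then compare logs.
# Assumption: C:\Temp exists and is writable by the task account.
$LogDir = 'C:\Temp'

function Write-RunContext {
    param([string]$Path)

    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $lines = @(
        "Time           : $(Get-Date -Format o)"
        "User           : $($id.Name)"
        "Auth type      : $($id.AuthenticationType)"
        "Elevated       : $isAdmin"
        "Interactive    : $([Environment]::UserInteractive)"
        "PS location    : $((Get-Location).Path)"
        "Process dir    : $([Environment]::CurrentDirectory)"
        "PS version     : $($PSVersionTable.PSVersion)"
        "64-bit process : $([IntPtr]::Size -eq 8)"
        '--- whoami /priv ---'
    )
    $lines += whoami /priv      # privileges held in this process token
    $lines += '--- whoami /groups ---'
    $lines += whoami /groups    # group SIDs in the token, including logon type groups

    # Record what the GroupPolicy cmdlets can see in this context,
    # and keep the error text if the query fails instead of returning nothing.
    try {
        Import-Module GroupPolicy -ErrorAction Stop
        $gpos   = @(Get-GPO -All -ErrorAction Stop)
        $lines += "GPOs visible   : $($gpos.Count)"
    } catch {
        $lines += "GPO query failed: $($_.Exception.Message)"
    }

    $lines | Out-File -FilePath $Path -Encoding UTF8
}

$mode  = if ([Environment]::UserInteractive) { 'interactive' } else { 'task' }
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Write-RunContext -Path (Join-Path $LogDir "gpo-context-${env:USERNAME}-${mode}-${stamp}.log")
```

Comparing the two logs shows whether the runs differ in the token (privileges, groups, elevation), in the working directory, or only in what the GroupPolicy cmdlets return.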