Allow a domain user to start a scheduled task remotly?
I have three Server 2008 boxes where I need to start a scheduled task on demand from a central script server.
User "ScriptUser" is setup as the "Run as" account in the scheduled task on all three servers.
When I attemt to run schtasks.exe /change /enable /s ,server> /tn "Start Remote STSAdmin", I get "ERROR: Access is denied."
If I put "ScriptUser" in the lcal Administrators group on those servers, the schtasks runs fine.
However, I do not want to run this as a local administrator.
Is ther any way to give a domain user access to run or enable a scheduled task remotly?
Karl
http://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
January 10th, 2011 4:54pm
On Mon, 10 Jan 2011 21:50:50 +0000, Karl Mitschke wrote:
When I attemt to run schtasks.exe /change /enable /s?,server> /tn "Start Remote STSAdmin", I get "ERROR: Access is denied."
If I put "ScriptUser" in the lcal Administrators group on those servers, the schtasks runs fine.
However, I do not want to run this as a local administrator.
From the Technet page on STSAdmin (my emphasis added):
Microsoft Office SharePoint Server 2007 includes the Stsadm tool for
command-line administration of Office SharePoint Server 2007 servers and
sites. Stsadm is located at the following path on the drive where
SharePoint Products and Technologies is installed:
%COMMONPROGRAMFILES%\microsoft shared\web server extensions\12\bin.
You must be an administrator on the local computer to use Stsadm.
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Want custom ringtones on your Windows Phone 7 device?
Your fault -- core dumped.
Free Windows Admin Tool Kit Click here and download it now
January 10th, 2011 5:19pm
Thanks, Paul.
Although the task is "Start Remote STSAdmin", I am not actually running stsadmn.exe
I am running a customized version of
http://netstsadm.codeplex.com/ - I customized it to run on startup.
If I use a local administrator account to start the NetstsadmService.exe on the sharepoint server I can gather the data fine with my domain user account.
Karlhttp://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
January 10th, 2011 5:28pm
Oh, and just in case it isn't clear, the task is still running as my domain user, so it isn't aproblem in the task I am running, it's simply a problemn of starting or changing the task as a domain user.
My Domain user is in the PowerUsers group on the sharepoint servers also.
Karl
http://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
Free Windows Admin Tool Kit Click here and download it now
January 10th, 2011 5:30pm
Hi,
Administrator right is required to run scheduled task on a remote computer.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/view_remote.mspx?mfr=true
Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.
January 17th, 2011 1:50am
Jason;
Using schtasks.exe, I can "See" the scheduled task.
I just need to know what permissions I need to have to start it.
There must be some set of permissions I can modify, other than being a server administrator.
Karlhttp://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
Free Windows Admin Tool Kit Click here and download it now
January 18th, 2011 11:21am
On Tue, 18 Jan 2011 16:20:22 +0000, Karl Mitschke wrote:
Using schtasks.exe, I can "See" the scheduled task.
I just need to know what permissions I need to have to start it.
There must be some set of permissions I can modify, other than being a server administrator.
If it launches a command prompt, try changing the DACL on cmd.exe.
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Remember the good old days, when CPU was singular?
January 18th, 2011 2:44pm
Paul;
It's a windows process...
However, I shall investigate the dacl on the windows application.
Karlhttp://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
Free Windows Admin Tool Kit Click here and download it now
January 18th, 2011 3:29pm