How to Allow domain users to remotely launch a scheduled task on 2008 server
I need an end user to be able to kill & restart a process on a 2008 server. Currently, I have a task setup to do this automatically a few times a week, but the end user really needs to be able to do this on demand, without having to call helpdesk every time. (The task runs as local admin and starts a batch file to kill/restart the process. I understand it was possible in 2003 server to set permissions on a scheduled task so that a user could start the task, but I can't find any equivilant way to do this in 2008. When I try having the user start the task currently using schtasks, they get an access denied error. What do I need to change to give my end user permission to remotely start this task on a 2008 server? Or, is there a better way to allow the end user to remotely kill/restart a process that needs to run under the local admin account on the server?
January 11th, 2011 11:36am
Is this just not possible anymore in 2008? I've found several other people asking for the same thing online, but I've yet to find an answer.
January 14th, 2011 7:23am
Hi, Whether the user failed to run the task or the BAT file? If it is the task, you can have a try on using "SYSTEM" account to run the task. This can be changed in General tab when crating a task, by click the Change User or Group button. Meanwhile is it possible to create a local admin account without giving it logon permission and share it to the user, so that the user can use Run As to run the task? Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact firstname.lastname@example.org
January 17th, 2011 12:45am
The task is set to run as local admin, and it runs fine when it is scheduled. It's only when I have the user try to manually run it remotely with schtasks that it fails, giving 'access denied'. I supposed making a seperate local admin account for this would work, but I'd feel a lot more comfortable giving the user permission to run the scheduled task, as opposed to giving them a local admin account. Even without permission to log on, that seems like a much bigger security risk.
January 17th, 2011 5:53am
Please have a look on following thread: Windows Server 2008 Remote Service Management for Non-Administrators http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/e02a8f01-b578-42aa-855a-33c7153bed23 It should help on your quesiton. Meanwhile I would like to know the current setting of the client user. As it can remote connect the Task Scheduler, what's the current security group of the account?Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact email@example.com
January 17th, 2011 9:31pm