How to Allow domain users to remotely launch a scheduled task on 2008 server
I need an end user to be able to kill & restart a process on a 2008 server. Currently, I have a task setup to do this automatically a few times a week, but the end user really needs to be able to do this on demand, without having to call helpdesk every time. (The task runs as local admin and starts a batch file to kill/restart the process. I understand it was possible in 2003 server to set permissions on a scheduled task so that a user could start the task, but I can't find any equivilant way to do this in 2008. When I try having the user start the task currently using schtasks, they get an access denied error. What do I need to change to give my end user permission to remotely start this task on a 2008 server? Or, is there a better way to allow the end user to remotely kill/restart a process that needs to run under the local admin account on the server?
January 11th, 2011 2:36pm
Is this just not possible anymore in 2008? I've found several other people asking for the same thing online, but I've yet to find an answer.
January 14th, 2011 10:23am
Hi, Whether the user failed to run the task or the BAT file? If it is the task, you can have a try on using "SYSTEM" account to run the task. This can be changed in General tab when crating a task, by click the Change User or Group button. Meanwhile is it possible to create a local admin account without giving it logon permission and share it to the user, so that the user can use Run As to run the task? Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact email@example.com
January 17th, 2011 3:45am
The task is set to run as local admin, and it runs fine when it is scheduled. It's only when I have the user try to manually run it remotely with schtasks that it fails, giving 'access denied'. I supposed making a seperate local admin account for this would work, but I'd feel a lot more comfortable giving the user permission to run the scheduled task, as opposed to giving them a local admin account. Even without permission to log on, that seems like a much bigger security risk.
January 17th, 2011 8:53am
Please have a look on following thread: Windows Server 2008 Remote Service Management for Non-Administrators http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/e02a8f01-b578-42aa-855a-33c7153bed23 It should help on your quesiton. Meanwhile I would like to know the current setting of the client user. As it can remote connect the Task Scheduler, what's the current security group of the account?Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact firstname.lastname@example.org
January 18th, 2011 12:31am