none
Allow a domain user to start a scheduled task remotly?

    Question

  • I have three Server 2008 boxes where I need to start a scheduled task on demand from a central script server.

    User "ScriptUser" is setup as the "Run as" account in the scheduled task on all three servers.

    When I attemt to run schtasks.exe /change /enable /s ,server> /tn "Start Remote STSAdmin", I get "ERROR: Access is denied."

    If I put "ScriptUser" in the lcal Administrators group on those servers, the schtasks runs fine.

    However, I do not want to run this as a local administrator.

    Is ther any way to give a domain user access to run or enable a scheduled task remotly?

    Karl

     


    http://unlockpowershell.wordpress.com
    -join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
    Monday, January 10, 2011 9:50 PM

All replies

  • On Mon, 10 Jan 2011 21:50:50 +0000, Karl Mitschke wrote:

    When I attemt to run schtasks.exe /change /enable /s?,server> /tn "Start Remote STSAdmin", I get "ERROR: Access is denied."

    If I put "ScriptUser" in the lcal Administrators group on those servers, the schtasks runs fine.

    However, I do not want to run this as a local administrator.

    From the Technet page on STSAdmin (my emphasis added):

    Microsoft Office SharePoint Server 2007 includes the Stsadm tool for
    command-line administration of Office SharePoint Server 2007 servers and
    sites. Stsadm is located at the following path on the drive where
    SharePoint Products and Technologies is installed:
    %COMMONPROGRAMFILES%\microsoft shared\web server extensions\12\bin.
    You must be an administrator on the local computer to use Stsadm.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Want custom ringtones on your Windows Phone 7 device?
    Your fault -- core dumped.

    Monday, January 10, 2011 10:15 PM
  • Thanks, Paul.

    Although the task is "Start Remote STSAdmin", I am not actually running stsadmn.exe

    I am running a customized version of http://netstsadm.codeplex.com/ - I customized it to run on startup.

    If I use a local administrator account to start the NetstsadmService.exe on the sharepoint server I can gather the data fine with my domain user account.

    Karl


    http://unlockpowershell.wordpress.com
    -join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
    Monday, January 10, 2011 10:23 PM
  • Oh, and just in case it isn't clear, the task is still running as my domain user, so it isn't  aproblem in the task I am running, it's simply a problemn of starting or changing the task as a domain user.

    My Domain user is in the PowerUsers group on the sharepoint servers also.

    Karl

     


    http://unlockpowershell.wordpress.com
    -join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
    Monday, January 10, 2011 10:30 PM
  • Hi,

    Administrator right is required to run scheduled task on a remote computer.

    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/view_remote.mspx?mfr=true

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, January 17, 2011 6:50 AM
  • Jason;

    Using schtasks.exe, I can "See" the scheduled task.

    I just need to know what permissions I need to have to start it.

    There must be some set of permissions I can modify, other than being a server administrator.

    Karl


    http://unlockpowershell.wordpress.com
    -join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
    Tuesday, January 18, 2011 4:20 PM
  • On Tue, 18 Jan 2011 16:20:22 +0000, Karl Mitschke wrote:

    Using schtasks.exe, I can "See" the scheduled task.

    I just need to know what permissions I need to have to start it.

    There must be some set of permissions I can modify, other than being a server administrator.

    If it launches a command prompt, try changing the DACL on cmd.exe.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Remember the good old days, when CPU was singular?

    Tuesday, January 18, 2011 7:43 PM
  • Paul;

    It's a windows process...

    However, I shall investigate the dacl on the windows application.

    Karl


    http://unlockpowershell.wordpress.com
    -join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
    Tuesday, January 18, 2011 8:28 PM