locked
AD Rights: deleting profile on remote server RRS feed

  • Question

  • Hi, 

    I Setted a powershell script, that allows the deletion of local profiles on remote server.

    I woud like to know which minimum rights to set to permit an account to scheduled task to launch my powershell and delete the profile on remote servers

    To resume i would like to set the minimum rights to the account that will use to launch the script that delete the remote profile.

    Regards,

    Sunday, April 26, 2020 10:06 AM

Answers

  • This requires a membership in the local Administrators group on the target server - not Domain Admin privileges

    hth
    Marcin

    • Marked as answer by darphboubou Tuesday, April 28, 2020 4:32 AM
    Monday, April 27, 2020 10:12 AM

All replies

  • By default, this requires the membership in the Administrators group on the remote server

    hth
    Marcin

    Sunday, April 26, 2020 4:09 PM
  • Hi,

    Thank you for posting in our TechNet forum.

    Have you checked the information provided? Hope it will be helpful.

    According to the case in the below link, "If your account is a standard account, you will not have permission to create task or schedule task. Your account would have to be an administrator account to schedule task for the system or it would have to be run as the administrator. "

    To check more discussion about this issue, we could refer to:
    https://answers.microsoft.com/en-us/windows/forum/windows_7-security/permission-to-createrun-scheduled-task/f1a1f297-eb3a-4985-a3c7-b1531f6ae4dc?auth=1

    https://serverfault.com/questions/256196/windows-scheduled-task-what-are-the-minimum-user-rights-needed-for-the-task

    For any question, please feel free to contact us.

    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

    Best regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, April 27, 2020 2:25 AM
  • Hi,

    Thanks for the reply, but my issue is not how to create a scheduled task (i'm enterprise admin).

    But which permission is needed to delete local profiles on remote computer, if i launch the tack with my credential account is works fine of course. But i want to launch this task with a service account and so give him the lowest rights.

    And so if i undestand well the rights needed for my service account is domain admin! That s it?

    Regards

    Monday, April 27, 2020 8:24 AM
  • This requires a membership in the local Administrators group on the target server - not Domain Admin privileges

    hth
    Marcin

    • Marked as answer by darphboubou Tuesday, April 28, 2020 4:32 AM
    Monday, April 27, 2020 10:12 AM