none
Create Scheduled Task in GPOPref using System account - issue

    Question

  • Hi all,

    I'm trying to create a scheduled task (computer configuration) in GPOPref which is executed by the system account. Creating locally and running the task manually is running without issues.

    When I'm creating the task in a GPOPref using a domain account the task is installed on the targetsystem. When just changeing the account to System and run gpupdate the task is not deployed.

    Any hints or workaround? Thanks for you help in advance.

    Regards,

    Andreas

    Wednesday, December 17, 2014 2:38 PM

Answers

  • Hi all,

    manual editing the GPP XML seems to work.

    remove: runAs="NT AUTHORITY\System" logonType="InteractiveToken" from <properties>

    change:                     <UserId>NT AUTHORITY\System</UserId>
                        <RunLevel>HighestAvailable</RunLevel>
                        <LogonType>InteractiveToken</LogonType></Principal>

    to      <UserId>S-1-5-18</UserId>
          <RunLevel>HighestAvailable</RunLevel>

    within <Principal>

    Thanks an regards,

    Andreas

    • Marked as answer by Andreas Roth Wednesday, December 17, 2014 4:21 PM
    • Unmarked as answer by Andreas Roth Wednesday, December 17, 2014 4:21 PM
    • Marked as answer by Andreas Roth Wednesday, December 17, 2014 4:21 PM
    Wednesday, December 17, 2014 4:21 PM

All replies

  • if it helps.. there is a warning in applicationeventlog "0x8007052e Logon failure: unknown user name or bad password."  source: Group Policy Scheduled Tasks eventID: 4098

    Cheers,

    Andreas

    Wednesday, December 17, 2014 2:54 PM
  • > When I'm creating the task in a GPOPref using a domain account the task
    > is installed on the targetsystem. When just changeing the account to
    > System and run gpupdate the task is not deployed.
     
    Please post the XML of your task in the state that is not working (right
    click - all tasks - display xml).
     
    And as a hint: There's a german GP forum too -
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Wednesday, December 17, 2014 3:49 PM
  • Hi all,

    manual editing the GPP XML seems to work.

    remove: runAs="NT AUTHORITY\System" logonType="InteractiveToken" from <properties>

    change:                     <UserId>NT AUTHORITY\System</UserId>
                        <RunLevel>HighestAvailable</RunLevel>
                        <LogonType>InteractiveToken</LogonType></Principal>

    to      <UserId>S-1-5-18</UserId>
          <RunLevel>HighestAvailable</RunLevel>

    within <Principal>

    Thanks an regards,

    Andreas

    • Marked as answer by Andreas Roth Wednesday, December 17, 2014 4:21 PM
    • Unmarked as answer by Andreas Roth Wednesday, December 17, 2014 4:21 PM
    • Marked as answer by Andreas Roth Wednesday, December 17, 2014 4:21 PM
    Wednesday, December 17, 2014 4:21 PM