0
votes

I'm in the process of standing up a Windows Server 2019 system primarily used for running scripts via Task Scheduler. The scripts that have been working on the 2016 and 2012 servers before it no longer work on the new server. I have written simple scripts to see what specifically is not working and was wondering if anyone has seen this before.

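# Test WinRM against the DFS host; keep the result in $test and log it locally
Test-WSMan $DFSIPADDRESS | Tee-Object -Variable test | Out-File errortest.log
# Write the same result to the DFS share (this is the step that fails)
$test | Out-File \\$DFSIPADDRESS\my\personal\share\wsmantest.log
# Dump the accumulated errors (overwrites the local log written above)
$error | Out-File errortest.log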

The error output indicates that the user "has not been granted the requested logon type at this computer." for the out-file to the DFS. If I run the same script as the user in ISE it works fine. If I run the script through task scheduler but require the user to be logged in it also works.

The user is a domain user and in the local admin group. I have verified log on as a batch for the user.

I have verified batch logon. It's as if the user is not getting domain access when the script is run via task scheduler, but does still have local admin rights.

Any thoughts would be very appreciated.

1
Seems like your service account doesn't seem to have permissions to run scheduled tasks. Did you see if it's added at least as Log on as a batch job? In addition to that, you should use the absolute path where the files are going to be saved to avoid further errors. - Santiago Squarzon
I am using absolute paths in the actual script, and it works saving locally, even to paths restricted to admin access; it seems only domain privileges aren't being extended. The log on as batch job is set with both the user specifically (added when troubleshooting) and the administrators group, which the user is a member of. - Joshua Pape

1 Answer

0
votes

There are a few likely culprits to generate this error. These first three are unlikely if you can access the file share with that user manually:

  • The AD user has the LogonWorkstations attribute set, limiting its ability to connect remotely.
  • On the local machine, the Allow Log On Locally policy is set to specific users.
  • On the remote machine, Access this computer from the network is set to specific users.

Go ahead and check these though:

  • The local machine doesn't allow Log on as a batch job, which you mention you've checked (make sure you have restarted if you changed this). Verify that there is not a difference between the domain group policies and the local group policy that may be overriding your settings.
  • In the security options of the task, the Do not store password option is enabled.

Also try creating a very basic task, running as that user, set to only run while user is logged in, with something like this to see if it connects successfully:

Action: Powershell.exe
Args:   -c "'Hello' | Out-File \\server\share\hello.txt"
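
The checks listed in the answer above can be scripted. This is an added example, not part of the original answer: the account name, task name and report paths are placeholders, and it assumes an elevated session on the task host with the RSAT ActiveDirectory module installed.

```powershell
# Added example: audits the settings named in the answer on the task host.
# Account and task names are placeholders (assumptions), not values from the post.
param(
    [string]$Account  = 'CONTOSO\svc-task',
    [string]$TaskName = 'WsmanTest'
)

# 1. User rights currently in effect on this machine (requires elevation).
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$rights = [ordered]@{
    SeBatchLogonRight       = 'Log on as a batch job'
    SeInteractiveLogonRight = 'Allow log on locally'
    SeNetworkLogonRight     = 'Access this computer from the network (run on the file server too)'
}
$inf = Get-Content $cfg
$report = foreach ($right in $rights.Keys) {
    $line = $inf | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    $who = if ($line) {
        ($line -split '=', 2)[1].Split(',') | ForEach-Object {
            $p = $_.Trim()
            if ($p.StartsWith('*')) {
                # secedit writes principals as *SID; translate to a readable name.
                try   { ([System.Security.Principal.SecurityIdentifier]$p.Substring(1)).Translate([System.Security.Principal.NTAccount]).Value }
                catch { $p }   # unresolvable SID: show it as-is
            } else { $p }
        }
    } else { '(not defined)' }
    [pscustomobject]@{ Policy = $rights[$right]; Principals = $who -join '; ' }
}
$report | Format-Table -AutoSize -Wrap
Remove-Item $cfg

# 2. How the task logs on. 'S4U' is what "Do not store password" produces and
#    carries no network credentials; 'Password' is needed to reach a share.
(Get-ScheduledTask -TaskName $TaskName).Principal | Format-List UserId, LogonType, RunLevel

# 3. LogonWorkstations restriction on the AD account (empty means unrestricted).
$sam = ($Account -split '\\')[-1]
Get-ADUser -Identity $sam -Properties LogonWorkstations | Format-List SamAccountName, LogonWorkstations

# 4. Which GPO, if any, sets those user rights: see Computer Configuration in the report.
gpresult /scope computer /h (Join-Path $env:TEMP 'gpresult.html') /f
```

The account may hold a right through group membership (for example Administrators), so read the principals list with the account's groups in mind rather than looking only for the account name.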