GMSA's and scheduled tasks


Dave Lum

Dec 14, 2023, 10:26:53 AM
to ntsysadmin

So, I am finally getting into the 2010’s and moving scheduled tasks to using Group Managed Service Accounts. I am able to create them in PowerShell, but is the only way to make changes to an existing schedule also via PowerShell since the GUI will ask for the password at each change?

 

Dave Lum (he/him)

Systems Administrator III
P: 503.546.2163
E: lu...@ochin.org
A: 1881 SW Naito Parkway, Portland, OR 97201



Charles F Sullivan

Dec 14, 2023, 11:07:54 AM
to ntsys...@googlegroups.com
Literally it's not the only way, though I don't know if this is helpful if your aim is to use the GUI. From the Command Prompt:
  • schtasks /Change /TN <NAME_OF_TASK> /RU "<gMSA$>" /RP ""

--

Charlie Sullivan

Principal Windows Systems Administrator

Aakash Shah

Dec 14, 2023, 3:39:04 PM
to ntsys...@googlegroups.com

We take a similar approach where we create or modify a scheduled task in the GUI. Assign the task to run as “Run only when user is logged on”, which shouldn’t prompt for a password. Then change the task to use a gMSA.

 

In PowerShell, this can be converted to a gMSA using something like this:

 

# Use this to get the full path to the scheduled task since it's needed for the next step or add to variable
Get-ScheduledTask

# $gMSAname must contain the suffix $
$Principal = New-ScheduledTaskPrincipal -UserId $Domain\$gMSAname -LogonType Password -RunLevel Highest
Set-ScheduledTask "$TaskPath$TaskName" -Principal $Principal

 

-Aakash Shah
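
Added example, not part of any poster's message: the conversion discussed in this thread wrapped in a function that checks the gMSA name and host eligibility first and reports the resulting principal, plus a helper that lists tasks still storing a password for an ordinary account. The function names, CONTOSO, svc-tasks$ and the task names are hypothetical; Test-ADServiceAccount is only used if the ActiveDirectory module is installed.

```powershell
# Added example: Convert-TaskToGmsa, Get-StoredPasswordTask, CONTOSO and svc-tasks$ are hypothetical names.
function Convert-TaskToGmsa {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $TaskName,
        [string] $TaskPath = '\',                      # task folder, ends with a backslash
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $GmsaName,     # sAMAccountName including the trailing $
        [ValidateSet('Limited', 'Highest')] [string] $RunLevel = 'Highest'
    )

    if (-not $GmsaName.EndsWith('$')) {
        throw ('gMSA name "{0}" must include the trailing $.' -f $GmsaName)
    }

    # If the ActiveDirectory module is present, confirm this host is able to use the gMSA.
    if (Get-Command Test-ADServiceAccount -ErrorAction SilentlyContinue) {
        if (-not (Test-ADServiceAccount -Identity $GmsaName)) {
            throw "This computer cannot use $GmsaName; check PrincipalsAllowedToRetrieveManagedPassword."
        }
    }

    # Fail early if the task does not exist.
    $null = Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction Stop

    # Same principal settings as in the thread: LogonType Password, no password supplied.
    $principal = New-ScheduledTaskPrincipal -UserId "$Domain\$GmsaName" -LogonType Password -RunLevel $RunLevel

    if ($PSCmdlet.ShouldProcess("$TaskPath$TaskName", "Run as $Domain\$GmsaName")) {
        $null = Set-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -Principal $principal
    }

    # Report what the task is configured with now.
    $p = (Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath).Principal
    [pscustomobject]@{ Task = "$TaskPath$TaskName"; RunAs = $p.UserId; LogonType = $p.LogonType; RunLevel = $p.RunLevel }
}

# Tasks that still store a password for an ordinary account (candidates for a gMSA).
function Get-StoredPasswordTask {
    Get-ScheduledTask |
        Where-Object { $_.Principal.LogonType -eq 'Password' -and $_.Principal.UserId -notlike '*$' } |
        Select-Object TaskPath, TaskName, @{ Name = 'RunAs'; Expression = { $_.Principal.UserId } }
}

# Example call (constructed values); -WhatIf shows the change without applying it:
# Convert-TaskToGmsa -TaskName 'NightlyExport' -TaskPath '\Ops\' -Domain 'CONTOSO' -GmsaName 'svc-tasks$' -WhatIf
```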
