Can t run Scheduled Task with non-Admin #windows #os, #operating #systems


#

Can’t run Scheduled Task with non-Admin

Last Modified: 2011-02-24

I have a domain account that I want to use to run a Scheduled Task. I have read several posts here regarding necessary permissions for an account to run a Scheduled Task on a Windows 2003 Server machine, and have applied the necessary permissions, but I still can’t get it to work.
I get the following in the log:
————————-
File Deployer Step 3.job (3_BatchMoveToRs820VolStag e.bat) 10/12/2007 11:37:00 AM ** ERROR **
Unable to start task.
The specific error is:
0x80070005: Access is denied.
Try using the Task page Browse button to locate the application.
————————–

First off, if I add this acct to the Administrators group, everything runs fine. However, I don’t want to do that. I added it to the Backup Operators group, which supposedly has enough rights, but nothing. The user has NTFS permissions to all the folders where the batch file resides, and everything else that the batch file touches or interacts with. I also used CACLS to grant permissions to the Tasks folder (Full Access), but to no avail. The user has the following User Rights assigned:
-Access this computer from the network (read somewhere it was needed)
-Allow log on locally
-Log on as a bacth job
-Log on as a service

I created this Task with another user (an Admin) and it runs fine using those credentials and while logged on as the admin user. However, when I change the credentials to the non-admin user’s, I get the message above. If I log-in to the server with the non-admin account and run the task with the non-admin’s credentials, it runs fine! But then when I go to look at the log later, I see the error above when it runs at the scheduled times.

Any ideas? Am I missing something? I’ve rebooted the machine after applying the user rights and all, with no results. Please help!

Thanks in advance!

I restarted the machine with no luck. I monitored the Security Event Log, and these are the entries recorded when I run the job manually while logged on as another user (an Admin), and the job is setup to run with the non-Admin user. The ***** are the non-Admin user’s ID and domain. Does anybody see any clues here?

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 10/12/2007
Time: 4:22:25 PM
User: ************
Computer: SW820VOLWQA01
Description:
Successful Logon:
User Name: ******
Domain: ******
Logon ID: (0x0,0x92200)
Logon Type: 4
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: SW820VOLWQA01
Logon GUID:
Caller User Name: SW820VOLWQA01$
Caller Domain: LA
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 832
Transited Services: –
Source Network Address: –
Source Port: –

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 576
Date: 10/12/2007
Time: 4:22:25 PM
User: *********
Computer: *********
Description:
Special privileges assigned to new logon:
User Name: **********
Domain: **********
Logon ID: (0x0,0x92200)
Privileges: SeBackupPrivilege
SeRestorePrivilege

Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 10/12/2007
Time: 4:22:25 PM
User: NT AUTHORITY\SYSTEM
Computer: SW820VOLWQA01
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINNT\Tasks\File Deployer Step_3.job
Handle ID: 3220
Operation ID: <0,598936>
Process ID: 832
Image File Name: C:\WINNT\system32\svchost. exe
Primary User Name: SW820VOLWQA01$
Primary Domain: LA
Primary Logon ID: (0x0,0x3E7)
Client User Name: –
Client Domain: –
Client Logon ID: –
Accesses: READ_CONTROL
SYNCHRONIZE
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
WriteEA
ReadAttributes
WriteAttributes

Privileges: –
Restricted Sid Count: 0
Access Mask: 0x120196

Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 567
Date: 10/12/2007
Time: 4:22:25 PM
User: NT AUTHORITY\SYSTEM
Computer: SW820VOLWQA01
Description:
Object Access Attempt:
Object Server: Security
Handle ID: 3220
Object Type: File
Process ID: 832
Image File Name: C:\WINNT\system32\svchost. exe
Accesses: WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)

Access Mask: 0x6

Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 562
Date: 10/12/2007
Time: 4:22:25 PM
User: NT AUTHORITY\SYSTEM
Computer: SW820VOLWQA01
Description:
Handle Closed:
Object Server: Security
Handle ID: 3220
Process ID: 832
Image File Name: C:\WINNT\system32\svchost. exe

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 10/12/2007
Time: 4:22:25 PM
User: *************
Computer: SW820VOLWQA01
Description:
User Logoff:
User Name: viscftp
Domain: VISA
Logon ID: (0x0,0x92200)
Logon Type: 4


admin

admin wrote 23006 posts

Post navigation


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>