Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can the Task Scheduler be made to logon as a batch job only?

Status
Not open for further replies.
mousseman

mousseman

MIS
Aug 5, 2002
17
0
0
CH
I have a small nagging problem. I need to run a load of batch jobs with a special account which is local admin on the server, but which as the user right "Deny logon locally" set to enable for this account.

To allow this account to log on locally has been considered unsafe by our security officer, so we have to find a way the Windows task scheduler will let logon a scheduled task just as a batch job, and not interactively (as it usually does). Is there any registry entry, or maybe a free task scheduler that will just use the account info and logon as batch job, and not interactively?

The account in question is local admin on the member server.
 
Sort by date Sort by votes
Sounds like a bizarre thing to do, deny local admin logon rights! Leads to silly problems, such as the one you're having at present.

However, you can allow the account "logon as batch job" rights (and also "log on as service", if you want to make your scheduled job into a service instead). In Local Security Settings, under Local Policies and User Rights Assignment, you'll see the Logon as Batch Job right. Simply add the appropriate account and you oughtn't have further problems.
 
Upvote 0 Downvote
billieT,

the problem is that the company IS security officer asked for this. I would love to have this service account have the local logon right.

Now, is there a trick to tell Scheduled Tasks (on W2k) that the jobs have to be started in the same way the runas /netonly would do it?

If possible, I'd like to avoid installing a second scheduler service on that machine. Is there, in the windows world a free cron utility which runs stable and allows to run cron jobs with another account?

Regards

mousseman
 
Upvote 0 Downvote
I don't understand what the problem is here. If you configured your service account with run as batch job or service rights, you simply use that account when you schedule the task in Task Scheduler (or AT). You can configure as many tasks as you like to use any accounts that you like. By the way, it appears that Local Administrator already has the Log on as Batch Job right. Have you added the Everyone group to Deny Log on Locally? That can cause horrendous unforeseen consequences.

To return to the issue of denying the Local Admin log on locally rights, no one I've discussed it with has heard of doing such a thing. I'd be very interested to see where your IS officer has got this suggestion from!
 
Upvote 0 Downvote
We solved the problem. We made that service account the AT service account, removed the service account from the local admin, and gave it the right to log on locally.

Actually, if you schedule something with AT, it will log in as a batch only, but if you use Task Scheduler, it will logon interactively.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
106
microsGuy16
microsGuy16
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
135
gbaughma
gbaughma
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
77
ADB100
ADB100
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top