Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more
COURSE of the MONTH
10 days, 23 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
need help creating a user just to run scheduled tasks on server 2008 r2
Posted on 2012-12-26
Hi!
I need help creating a user dedicated for scheduled tasks on windows server 2008 r2.
The user should not have access to do anything else other than running vbs scripts inside batch file, scheduled with "task scheduler".
I tried to create a local user, not an administrator, and gave it full access permission to the scripts folder and to the folder contain the files that the script will manage.
Unfortunately, I get an error say the user doesnt have access for this machine (the server).
I do not want to add this user to administrator group, because than I'll have another security weakness\weak point in my system (another user hackers can try to use).
Please advice,
Thanks!
I need help creating a user dedicated for scheduled tasks on windows server 2008 r2.
The user should not have access to do anything else other than running vbs scripts inside batch file, scheduled with "task scheduler".
I tried to create a local user, not an administrator, and gave it full access permission to the scripts folder and to the folder contain the files that the script will manage.
Unfortunately, I get an error say the user doesnt have access for this machine (the server).
I do not want to add this user to administrator group, because than I'll have another security weakness\weak point in my system (another user hackers can try to use).
Please advice,
Thanks!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2-
2
6 Comments
I checked our usage and I have a user for running scheduled tasks. It is a member of administrators. If you make your user member of administrators temporarily, does it work?
If so, remove it from administrators and then it is a matter of finding the specific difference between administrators and standard that is sufficient to get access.
If so, remove it from administrators and then it is a matter of finding the specific difference between administrators and standard that is sufficient to get access.
Thanks but it didn't helped me much. Of course administrator permission will let it run the scheduled task (its a windows server machine, the default is only admins can logon to it).
My question is, how do I give regular user permission to run tasks on the server, I do not want to create an administrator account for scheduled tasks because I believe in giving just the permission the user must have and not more than that.
Thanks!
My question is, how do I give regular user permission to run tasks on the server, I do not want to create an administrator account for scheduled tasks because I believe in giving just the permission the user must have and not more than that.
Thanks!
Active 1 day ago
Help me understand, please. You say a user to run scheduled tasks. This user does not need to actually logon to the server once the tasks are created and tested?
If it is not required that this user ever actually log on to the server once the scheduled tasks are created and tested, create an admin user, schedule the tasks under that users profile, then give it some really difficult password so that no one could possible guess it or logon as that user. Hide this admin user from the GAL, and at this point you have a user that only admins can know about, that is essentially a hidden user, and only admins can logon as, and only after they have changed this very difficult password which you have made so difficult that not even you can remember it.
You say you belive in only give the required level of security. It seems that admin level is required to run scheduled, unattended tasks on the server.
Why not schedule them under the main admin? After all, that admin already has keys to the kingdom.
How is that a security risk?
If it is not required that this user ever actually log on to the server once the scheduled tasks are created and tested, create an admin user, schedule the tasks under that users profile, then give it some really difficult password so that no one could possible guess it or logon as that user. Hide this admin user from the GAL, and at this point you have a user that only admins can know about, that is essentially a hidden user, and only admins can logon as, and only after they have changed this very difficult password which you have made so difficult that not even you can remember it.
You say you belive in only give the required level of security. It seems that admin level is required to run scheduled, unattended tasks on the server.
Why not schedule them under the main admin? After all, that admin already has keys to the kingdom.
How is that a security risk?
Right, the task is run at the scheduled time with that effective user's rights. It can be set as a user with no logon rights so even with a password, it would not help a "bad guy" to log on. It is possible to use standard service account for the task scheduler, it's just you have the option to provide a user and password.
Thanks for the answers,
I don't use the main admin user for crons because I'll hate to manually go and update new passwords everywhere on every change.
I see I can schedule a task without providing additional credentials but in case the server doesn't have any user logged on to, and the user created the task changes his password, is the task will still run?
If so, which username or group should have permissions to the resources for the script?
Many thanks!
I don't use the main admin user for crons because I'll hate to manually go and update new passwords everywhere on every change.
I see I can schedule a task without providing additional credentials but in case the server doesn't have any user logged on to, and the user created the task changes his password, is the task will still run?
If so, which username or group should have permissions to the resources for the script?
Many thanks!
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Sometimes drives fill up and we don't know why. If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left! Here's how you can find out...
- Windows OS
- Windows Server 2008
- Windows 8
- Windows Server 2012
- Windows 10
- Experts Exchange
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention.
Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll
770 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.