Solved

Running scheduled task on 2008 R2 domain controller

Posted on 2014-12-22
13
658 Views
Last Modified: 2015-01-17
I've got a scheduled task (DHCPLFR.EXE) that is to roll up dhcp server logs each night.  
It runs on a 2008 R2 domain controller and up until last week it ran fine.  It stopped working as soon as we moved the account it uses out of the domain admin group.

Is there a way to keep the .exe job working without giving the service account it uses domain admin rights?

logs show it completed the job but nothing is actually run.  this is the log output

Task Scheduler successfully completed task "\DHCP Log Backup" , instance "{4352d922-50f2-49f5-bddb-488430928e58}" , action "C:\Windows\System32\dhcp\dhcplfr\DHCPLFR.exe" with return code 3762507597.

Thanks
0
Comment
Question by:NIS_RULE
  • 7
  • 6
13 Comments
 
LVL 17

Expert Comment

by:Chris Millard
ID: 40513490
If you want to give the task to a non-domain admin account, make sure that the account you wish to use has read access on the folder containing the logs, and write access on the folder where the logs need to be copied to.

Also make sure that the non-domain admin account has the rights to log on locally and log on as a service.
0
 

Author Comment

by:NIS_RULE
ID: 40513519
The account has full access to the logs folder, however it does not have access to the folder higher up (i.e. c:\windows\system32\dhcp)  for some reason windows won't let me give that account any access to those higher level folders either.
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 40513569
And can you log on to the server as that user ok? If so, can you  click start->run, and type the full path to the log folder and see if Explore will open up in that folder?
0
 

Author Comment

by:NIS_RULE
ID: 40513575
No, the user is a standard domain user, does not have rights to login interactively to that domain controller.
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 40513605
That is probably the reason why. You need to grant the login interactively right to that user account.
0
 

Author Comment

by:NIS_RULE
ID: 40513612
Our security policy does not allow login interactively for non domain admin accounts on domain controllers.

I have another task scheduled with the same account on the same server except it isn't an .exe (it's a batch file) and it works fine.  

I don't know if there is something special needed for an .exe file to run as scheduled task vs a batch file.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 17

Expert Comment

by:Chris Millard
ID: 40513635
Ah ok. Can you call the exe from within a batch?
0
 

Author Comment

by:NIS_RULE
ID: 40513645
Tried adding it to a batch file and running the batch file.  get same failure.  :(
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 40513649
Can you move the exe to a non-system directory and run it from there as the non-domain admin user?
0
 

Author Comment

by:NIS_RULE
ID: 40513653
The exe is only designed to work from that directory.  I would have to track down the developer of the app and have them re-code it if I were to move it  :(
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 40513881
OK - let's try a different approach. DHCP logs are in the format DhcpSrvLog-day.log

I've written a batch file that will copy yesterdays log to a file called DhcpSrvLog-yyyymmdd.log (yesterdays date). This will mean you not having to use the exe.

Save the code below to a batch file (I use the .cmd extension). You'll need to change 'temp\' (line 19) to a location that you want to save the log files to.

Try it out and let me know how it goes.

@echo off
REM Create VBS script

set vbsfile=DateInfo.vbs

echo	Dim dt, yesterday>%vbsfile%
echo	dt = DateAdd("d", -1, Date)>>%vbsfile%
echo	YesterdayDate = Right(Year(dt),4) ^& Right("0" ^& Month(dt),2) ^& Right("0" ^& Day(dt),2)>>%vbsfile%
echo	Newdate = Date>>%vbsfile%
echo	YesterdayNameShort = WeekdayName(DatePart("W",Newdate)-1, True)>>%vbsfile%
echo	wscript.echo YesterdayNameShort^&" "^&YesterdayDate>>%vbsfile%

REM    Store output of vbs script in variables
for /f "tokens=1-2 delims= " %%A in ( ' cscript //nologo %vbsfile% ' ) do (
   set YesterdayNameShort=%%A
   set YesterdayDate=%%B
)

copy %systemroot%\System32\dhcp\DhcpSrvLog-%YesterdayNameShort%.log temp\DhcpSrv-%YesterdayDate%.log

del DateInfo.vbs

Open in new window

0
 

Accepted Solution

by:
NIS_RULE earned 0 total points
ID: 40544805
Thanks for the input.  I found a solution by running the scheduled tasks as system account rather as a service account we created.
0
 

Author Closing Comment

by:NIS_RULE
ID: 40554966
Found work around
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now