I have an odd situation, executing a PowerShell script as a scheduled Windows task. The script calls some HPE OneView cmdlets, and it works fine when run interactively or when set to launch using my personal ID.

However, when I set the task to run under a service account, the script loads but the HPE cmdlets do not run. I've verified that the correct password has been set for the service account, and that it runs with admin access.

Are there special permissions that need to be set for the task to run as a service account? I'm thinking this might be GPO related, but am unclear where to look.

32767
  • Did you check executionpolicy on that account? – OwlsSleeping Sep 30 '20 at 15:41
  • The scheduled task logon account needs the `Log on as a batch job` privilege on the machine, otherwise nothing special – Mathias R. Jessen Sep 30 '20 at 16:03
  • @OwlsSleeping - Unfortunately, corporate policy prohibits logging in locally, so I don't think I can test that. – 32767 Sep 30 '20 at 16:11
  • @MathiasR.Jessen - Hopefully, it's that simple. I'll take a look there next. – 32767 Sep 30 '20 at 16:12
  • Ok cool thanks. Executionpolicy isn't the issue then. Probably batch job privilege. – OwlsSleeping Sep 30 '20 at 17:12
  • @OwlsSleeping - This is the Execution Policy returned for the service account that runs the script: MachinePolicy: Undefined, UserPolicy: Undefined, Process: Undefined, CurrentUser: Unrestricted, LocalMachine: Unrestricted – 32767 Sep 30 '20 at 17:17
  • To get a hint what is wrong, see [Scheduled Task Powershell Script - Runs OK as user account, but not as SYSTEM](https://stackoverflow.com/a/51612478/1701026) – iRon Sep 30 '20 at 17:39

1 Answer

This turned out to be neither a GPO nor a PowerShell execution policy issue. The problem in my script had to do with how I was getting the password for the account being used to log into the HPE OneView appliance. I store the password in a file as a secure string, and the string was encrypted with my user id. When I tried to run the script using the service account, it would start, but fail to decrypt the password since it was not encrypted by the service account. This is the StackOverflow post that helped me figure out what was wrong:

ConvertTo-SecureString : Key not valid for use in specified state.

32767
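The failure described in the answer follows from how `ConvertFrom-SecureString` protects its output on Windows: without `-Key` it uses DPAPI, so only the account that wrote the file (on that machine) can read it back. The sketch below is an added example, not the poster's script; it shows the account-bound form, a key-based form that a different account can decrypt, and a loader that reports which identity failed. The paths and the `svc-oneview` name are placeholders.

```powershell
# Added example. Paths and account name are placeholders, not from the original post.
$CredDir  = 'C:\Scripts\OneView'
$BlobPath = Join-Path $CredDir 'oneview.pwd'
$KeyPath  = Join-Path $CredDir 'oneview.key'

function Export-DpapiPassword {
    # No -Key: the blob is protected with DPAPI, so only the account that
    # ran this, on this machine, can turn it back into a SecureString.
    param([securestring]$Password, [string]$Path)
    $Password | ConvertFrom-SecureString | Set-Content -Path $Path
}

function Export-KeyedPassword {
    # -Key: AES with an explicit 256-bit key. Any account that can read the
    # key file can decrypt, so the key file's ACL is the whole protection.
    param([securestring]$Password, [string]$Path, [string]$KeyFile)
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key); $rng.Dispose()
    [System.IO.File]::WriteAllBytes($KeyFile, $key)
    $Password | ConvertFrom-SecureString -Key $key | Set-Content -Path $Path
}

function Import-StoredPassword {
    param([string]$Path, [string]$KeyFile)
    try {
        $blob = Get-Content -Path $Path -ErrorAction Stop
        if ($KeyFile) {
            $key = [System.IO.File]::ReadAllBytes($KeyFile)
            return $blob | ConvertTo-SecureString -Key $key -ErrorAction Stop
        }
        return $blob | ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        # Under a scheduled task nobody sees the console, so stop and name the
        # identity that failed to decrypt instead of continuing with $null.
        $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw "Cannot decrypt '$Path' as ${who}: $($_.Exception.Message)"
    }
}

# One-time setup, in a session running as the account that will run the task:
#   Export-DpapiPassword -Password $securePassword -Path $BlobPath
# In the scheduled script:
#   $secure = Import-StoredPassword -Path $BlobPath
#   $cred   = New-Object System.Management.Automation.PSCredential('svc-oneview', $secure)
```

With the keyed form, restrict read access on the key file to the service account and administrators; anyone who can read both files can recover the password.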