I use a powershell script (EXE/XML sensor) to monitor scheduled tasks on windows servers. As long as I use local admins (on the remote systems) everything works fine. But I don't want to use local admins for obvious reasons, so I tried configuring a non-admin user to access scheduled tasks on a remote maschine. The user X is allowed is a member of the remote local groups "Distributed COM Users", "Performance Monitor Users", "Performance Log Users", "Remote Desktop Users", and "Remote Management Users". Additionally X is has "Execute Methods", "Remote Access", and "Enable Account" in WMI for the Namespaces "\Root\CIMV2" and "\Root\Mirosoft\Windows\TaskScheduler". Also X has the permission to log on as a batch job.
When I log on with X on the remote server and run Get-ScheduledTaskInfo I get: Category : PermissionDenied Activity : Get-ScheduledTaskInfo Reason : CimException TargetName : PS_ScheduledTask TargetType : Root/Microsoft/Windows/TaskScheduler/PS_ScheduledTask
Which tells me that X does not have the appropriate WMI permissions...
I'm out of ideas. Does anyone know how to configure a user with least privileges to access remotly running scheduled tasks?
Add comment