Share via

GPO to apply GPP Scheduled Task - Run as logged on user

Roger Pray 96 Reputation points
2021-02-17T21:24:39.27+00:00

I have created a scheduled task to apply as a GPP under a specific computer OU and have enabled loop back processing so that it only applies against the users who log in to those specific PCs.

The Scheduled Task is triggered by a wake event - specifically to run a powershell script to relaunch applications for the user when the system wakes, it also makes sure any disconnected sessions for the application are terminated.

If I manually run the task, it works beautifully.

But it does not appear to run when the system is allowed to sleep and is then woken up, I've configured the security options to run as %LogonDomain%\%LogonUser% and to only run when the user is logged in.

Anyone have any experience with something similar?

Thanks!

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments
Accepted answer
  1. Roger Pray 96 Reputation points
    2021-02-18T17:41:08.323+00:00

    I tried running at the machine level using NT Authority\System, and while it appeared to run, it didn't accomplish the goals as the applications need to run in the user's context.

    Yes, the user has access to the share where the files are located, if I go to the scheduled task, right click and select run, it will work just fine, just not when it activates from the schedule.

    I stepped away and did some additional testing over the last few hours, this testing took the form of a much simpler PS script that would just pop-up an alert message on wake-up. I pushed this again using GPP Task Scheduler, I used variations of it using %LOGONDOMAIN%\%LOGONUSER% and %DOMAINNAME%\%USERNAME%, etc. - and at no time did the alert box appear.

    I also made a local task, that still pointed to the same share and yet another variant of the script so that I could readily tell which pop-up message was tied to which script. This also didn't work.

    Next - I made another local task, and pointed this to a local copy of the pop-up script...this one worked.

    I've modified my GPP to copy the script locally, the task now points to the local copy of the script, it is running using %LOGONDOMAIN%\%LOGONUSER% settings and appears to be working.

    I just assumed that because I could manually run the task that meant that the scheduled version would work as well, in one respect it makes sense - this task is being initiated on wake of the computer. The network connection has not been properly established when it attempts to run, the tasks "completes" but the script is inaccessible, so nothing actually executes.

    While you didn't give me the answer, you put me on the path by asking some good questions.

    Thank you!

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-02-18T06:28:43.943+00:00

    Hi,
    Did the user have rights to run the scripts?
    What if you change the configuration for the GPO to the following settings:
    69404-2181.jpg
    Best Regards,

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.