SCOM 2022 How I can use in PowerShell "predefined run as account" in start-scomtask command

Nowaczyk, Patryk 0 Reputation points
2023-03-30T11:38:45.03+00:00

Hello folks,

I want to use the predefined Run As Account option in my SCOM tasks, but right now I feel like it's not possible from PowerShell.
User's image

There was a change in SCOM 2022 that right now -taskcredentials is required in the Start-SCOMTask command.
Settings > Miscellaneous > Tasks Execution, is enabled.
I think there is an option to achieve this by editing the task directly in the management package, but I would like to achieve this without interfering there.
Do you have any advice?

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,436 questions
Microsoft System Center
Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
885 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,237 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. SChalakov 10,371 Reputation points MVP
    2023-03-30T13:01:06.1933333+00:00

    Hi,

    Start-SCOMTask does not require the usage of PSCredential when started by non-admin users and when the option "Task Execution" is Disabled. In this case (when -TaskCrendetials). This would result in the task failing in case the non-admin user has not been delegated the permission on the task in question.

    In order to better understand your gooal I have to ask some additional questions:

    • If I get this right, you want to start a Task, using the option "Use predefined Run As Accont" over PowerShell (Start-SCOMTask), is that correct?
    • Do you want to do this with your admin account or in another user context?
    • Is the other user (if this iss in question) an admin or a scoped user?
    • What about this example (from the cmdlet reference for SCOM 2022):

    Get-SCOMTask -DisplayName "Get Monitor State" | Start-SCOMTask -Instance $Instances

    with the option "Task Execution" (Reference) being disabled?

    Can you please post those detials, I will do my best to help you.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
    Regards
    Stoyan Chalakov


  2. SChalakov 10,371 Reputation points MVP
    2023-03-30T16:02:03.08+00:00

    Hi Patryk,

    why don't you jsut disable this option?

    Disable run as accounts

    User's image


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
    Regards
    Stoyan Chalakov

    0 comments No comments

  3. Miquel Manteca Feliu 0 Reputation points
    2023-10-06T09:52:22.31+00:00

    I suggest you try using the parameter "-TaskCredentials $null" to use the preconfigured RunAs account.

    Example:

    Start-SCOMTask -Task $TaskObject -Instance $AgentObject -ErrorAction Continue -TaskCredentials $null

    I hope it helps.

    0 comments No comments