Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,635 questions
Why is "logon type 5" used (logon as a service) when a scheduled task runs as gMSA?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 67%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Pauly, Christian
6
Reputation points
All documentation I could find so far referred to the account right "Logon as a batch job" as a requirement to start a scheduled task "whether a user is logged on or not". But this does not seem to be true for gMSA.
Whenever I configure a scheduled tasks to run "whether user is logged on or not" and define a gMSA via Powershell (- LogonType Password) it produces a LogonType 5 - "Logon as a service".
The same scheduled tasks configured to run in the context of a domain user produces LogonType 4 - "Logon as a batch job".
What I failed to learn after a lot of research is the reason why. Is somebody able to point me in the right direction so that I understand where the difference is between running a scheduled task as gMSA or domain user (with creds stored in Credential Guard)?