PowerShell on remote server 2016 error: Cannot open Service Control Manager on computer 'xxx.xxx.xxx.xxx'. This operation might require other privileges.[0]

Mohamed Sayed 1 Reputation point
2021-06-02T11:27:15.687+00:00

Hi Gurus,
I have a PowerShell script used to stop/start services on a remote 2016 server running from another 2016 server.
I enabled PS remoting, enabled File and Printer sharing in Firewall, I have a domain user which has Domain Admin permission.

When I run the script from Task Scheduler using that account, I get the below error:
Cannot open Service Control Manager on computer 'xxx.xxx.xxx.xxx'. This operation might require other privileges.[0]

When I use Administrators group in the Task Scheduler, it works fine when triggered manually (and of course it doesnt trigger automatically because I cannot change the checkbox for "Run whether User is logged in or not").

When I run the script from PowerShell As Administrator, it works fine too.
When I run the script manually from PowerShell using the domain account (Run As Different user), it works fine as well.

What could be wrong with Task Scheduler?

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,507 questions
{count} votes

7 answers

Sort by: Most helpful
  1. MotoX80 33,561 Reputation points
    2021-06-04T00:00:57.003+00:00

    When I use Administrators group in the Task Scheduler, it works fine when triggered manually (and of course it doesnt trigger automatically because I cannot change the checkbox for "Run whether User is logged in or not").

    That's because Administrators (plural) is a group and not a user. A group cannot logon. If task scheduler is running with that group then it is really using whatever account that you are logged on with.

    When I run the script from PowerShell As Administrator, it works fine too.

    Does that mean that you logged on to the machine with the account named Administrator or does that mean that you selected the "Run as administrator" option to elevate the process for UAC access?

    I have a domain user which has Domain Admin permission.

    For example, lets call that account MyDomain\MyAdmin. And you have machine AAA where the script runs and you are trying to query the services on machine BBB. Are you able to logon (RDP) to both machines using the MyDomain\MyAdmin and perform administrative tasks? (To verify that both machines see that account as a member of the administrators group.)

    Using that account on machine AAA run these commands. Do they work?

    get-service -ComputerName BBB
    invoke-command -ComputerName BBB -ScriptBlock {Get-service} 
    

    Cannot open Service Control Manager on computer 'xxx.xxx.xxx.xxx'.

    Are you using the computer name or the IP address on your Powershell commands? I would recommend using the computer name. In fact you may want to try using the fully qualified name, BBB.MyDomain.Com.

    Finally, on the task definition you will see a checkbox labeled "Run with the highest privileges". Make sure that is checked. The task should run as your MyDomain\MyAdmin account.


  2. Andy YOU 3,076 Reputation points
    2021-06-04T03:46:59.9+00:00

    HI MohamedSayed-4462,

    0.Do you have below condition?
    We create a task scheduler on local server 2016, in this task scheduler and insert "powershellscript" on local server 2016. This "powershellscript" will be triggered to stop/start service running on remote server 2016.

    "I have a domain user which has Domain Admin permission."
    1.Can you check if this domain user account is in domain admin user group like picture?
    102312-capture.png
    2.Could you please check if this domain user account is in local administrators group of remote server 2016?
    102277-2.png

    3."PowerShell script used to stop/start services"
    Could you share the simple powershell command for us to test your issue?

    4.Are both local server 2016(task scheduler launched machine) and remote server 2016 in the same AD domain?

    0 comments No comments

  3. Mohamed Sayed 1 Reputation point
    2021-06-06T00:49:56.693+00:00

    Thanks Jia for taking the time to search and reply.

    1.Can you check if this domain user account is in domain admin user group like picture?

    Yes, it is in the domain admin group

    2.Could you please check if this domain user account is in local administrators group of remote server 2016?

    No, it is not in the Administrators group. I understand that as long as the account is created in AD then all permissions are pushed from AD to the server, so I dont need to add it to the Local Administrators group in the target server, should I?

    3."PowerShell script used to stop/start services"
    Could you share the simple powershell command for us to test your issue?

    foreach ($SERVER in $SQERVERS)
    {
    $arrS = Get-Service -Name "*Monitoring" -ComputerName $SERVER
    if ($arrS.Status -eq "Stopped")
    {
    $arrS | Start-Service
    }

    }
    
    1. Both servers are in the same AD domain.

    ****Problem was solved after using FQDN instead of IPs****

    0 comments No comments

  4. Andy YOU 3,076 Reputation points
    2021-06-13T15:44:02.86+00:00

    HI

    I insert below ps script in task scheduler on my local 2016 server.
    $arrs = get-service -name "print spooler" -computer 192.168.0.24
    if($arrs.status -eq "stopped")
    {
    $arrs|start-service
    }

    II created a taskscheduler with name test1, the detail information like below:
    107288-1.png
    107344-2.png
    107220-3.png
    107303-4.png
    107361-5.png
    107280-6.png
    No matter the logon account is "Administrators group" or "specified domain admin", the task scheduler run fine.
    So could you please logon the remote server to stop "printer spooler service" on remote server, then create a new test taskscheduler like above example, will the same issue happen?

    2.Does the same issue happen on other server which can be created the same task scheduler?

    3.Did you set winrm trusted host for the ip address of destination remote server on local server?
    for example:
    Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.3.*

    0 comments No comments

  5. Andy YOU 3,076 Reputation points
    2021-06-22T01:53:19.287+00:00

    HI MohamedSayed-4462,

    Is there any progress on your question?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.