@RLWA32 : Yes I did.
I've tried installing a new the DC from the ISO not from a VMware template wondering if there was a problem with our template.
Same observation.
Here is an illustration :
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi folks,
I was definitely sure that a gMSA needs "logon as a batch job" to run a scheduled task. But I've noticed on one of our servers that a scheduled task launch by a gMSA was running fine although the gMSA was missing this privilege !
So today I've installed a new DC from scratch in an isolated environment and I get the same result. Can someone please check on his server if a scheduled task launched by a gMSA can run if the gMSA doesn't have a "log on as a batch job" privilege ?
Thank you.
Chris
Hello, I wonder this aswell. Why does it work without being a member of the group "LogonAsBatch"?
Is it because of this property "PrincipalsAllowedToRetrieveManagedPassword" on the serviceaccount (gMSA)?
By default members of the local Administrators group have the logon as batch privilege
a gMSA account is not a member of the local administrators group by default. It's a non privileged account by default.
Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.
Yes, in order to run tasks in the Task Scheduler, gMSA accounts must logon as a batch job. Furthermore, it's crucial to confirm that the gMSA account has the authorizations required to access the resources it need to finish the task. This entails giving the account the required user rights in addition to the access privileges it needs to use shared network resources.
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.