Hi, we have decided recently to use Group Managed Service Accounts all scheduled tasks will run under on particular server having tcp/5985 outbound port opened on all servers in the forest. I want to retrieve Last Boot Up Time value from all servers monthly to check if they were rebooted inside defined Maintenance Windows - having set scheduled task up to execute PS code now I see that report is empty because gMSA being used is missing rights/permissions on target servers (it has been added to Remote Management Users local group as first step). What rights/permission should I delegate to gMSA on target servers - definitely I do not want gMSA to be local administrator on all of them. (Get-CimInstance -ClassName Win32_OperatingSystem I used to retrieve last boot up time value) If this is not so difficult hopefully it is doable in bulk with GPO.
Thank you in advance.