Remoting working with normal logon but not scheduled task

I have a bit of code that collects event logs from domain controllers:

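Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
    # Copy the exported event logs to this DC's folder on the central share, then delete the local copies
    xcopy 'E:\Maintenance\*.evt' "\\XXXXXXXXX\SecurityLogs$\$env:computername" /y /z
    del 'E:\Maintenance\*.evt'
}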


When I RDP to the server that has this script and run it manually as a domain administrator then it works fine. On that same server I have created a scheduled task to run this script as a domain administrator account and it fails, presumably with access denied. The scheduled task has the “run with highest privileges” checkbox ticked. Why would running it manually work but not via a scheduled task please?
David Z

What does your scheduled task look like? Are you trying to call powershell.exe and then run the .ps1 file?

I have seen it work setting execution policy to bypass when running the script.

Thanks for that. Yes I am using powershell.exe. I added ‘bypass’ as you suggested and it worked - sort of. The script ran three times overnight and twice the ‘copys’ worked and once it didn’t. Very strange - but as long as it works sometimes that will do.

David Z

Now it's not working at all. This is really weird. I’m trying to run this:

Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
    # Security event log object and a timestamped local file name for the exported log
    $logfile = Get-WmiObject -Class win32_NTEventlogFile -Filter "logFileName='Security'"
    $dt = get-date -format "yyyyMMdd-HHmmss"
    $savelog = "E:\Maintenance\$env:computername-Security-$dt.evt"
    # Move the exported logs to this DC's folder on the central share
    move-item 'E:\Maintenance\*.evt' "\\xxxxx\SecurityLogs$\$env:computername" -force
}

and it's failing on the move-item with:
“The system detected a possible attempt to compromise security.”

I thought this might be a CredSSP thing, but it has worked outside of a scheduled task so that can't be it.