Scheduled task using gMSA

PowerShell Help
1

Hello,

As it is not possible to use GUI for creating a scheduled task on Windows when using gMSA I must user Powershell.
What I have done is : creating my task using GUI whith administrator account then I have changed the user using this command

[pre]$principal = New-ScheduledTaskPrincipal -UserID Domain\GMServiceAccount$ -LogonType Password

Set-ScheduledTask “Task Name” -Principal $principal[/pre]

It works fine for 1 server but I need to use it to multiple servers.
Si I have exported my task by GUI and imported it using this PS command :

[pre]Register-ScheduledTask -xml (Get-Content ‘C:\PATH\TO\IMPORTED-FOLDER-PATH\TASK-INPORT-NAME.xml’ | Out-String) -TaskName “TASK-IMPORT-NAME” -User Domain\GMServiceAccount$ –Force[/pre]

My issue appeared at this time because after importing my task on another server some parameters have changed.
My task has been created to run “whether user is logged on or not” but after the importation this parameters changes to “Run only when user is logged on”.

Do you have any idea about what I can do ?

Regards,

 

2

Here’s a script I came up with to create scheduled tasks. Maybe it can help you finish yours.

$Scriptblock = {
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -windowstyle hidden c:\path\to\script.ps1'
    $trigger = New-ScheduledTaskTrigger -Daily -At 7am
    $settings = New-ScheduledTaskSettingsSet -Hidden -WakeToRun -StartWhenAvailable
    $params = @{
        Action = $action
        Trigger = $trigger
        TaskName = "Scheduled task name"
        User = 'domain\user'
        Description = "Description of scheduled task"
        Settings = $settings
        Password = 'OhNoClearText'
    }
    Register-ScheduledTask @params
}
Invoke-Command -ComputerName RemotePC -ScriptBlock $Scriptblock
3

Oh this might be more helpful. I think it’s the fact of providing the username and setting the logontype that you are needing.

$principal = New-ScheduledTaskPrincipal -RunLevel Highest -UserId Domain\User -LogonType InteractiveOrPassword
4

Hi Doug,

You think that what I want to do is not possible ?
Create a task from GUI > modify it by PS > export the task by GUI > import the task by PS to another server ?

You think that I should create the task by PS to all my servers ?

Regards,

5

I think you could do it either way. I’m just showing you what I used to set my task to run as a user whether logged in or not. So one of those settings should do what you want. Good luck!