Schuled task will not run unless user is logged in

[mr_daemon]

Well, I recently got a new job which requires Windows Server Boxen Wrangler skills. While I am knowledgable about Active Directory and its dirty little secrets, this is my first actual experience in a production environement on something other than NT4.

And well, second week, and I run into something that baffles my logic. Perhaps one of you less Unix-driven Windows admins might be able to help me there.

You see, we have a batch file that does some checking upon the workstations of the domain, which has to be ran on a few servers as a Task Scheduler job.

The task runs as DOMAIN\SomeUser (which exists for this very purpose).

The job was created on a member server, and the job will not run and fail. It lists a generic failure in the "logs".

Now now, I thought permissions were at cause, but we have an identically set-up server over here which works flawlessly.

Now here is the part that baffles my mind:

The job fails to run. I login as the said DOMAIN\SomeUser somewhere via Terminal Services, the job actually runs.

If I logout, it fails.

And no, before you ask, the batch file posseses not something such as popup dialogs or anything requiring input.

If I run the job as the Administrator (in the job properties) it work.

So, it works with elevated privileges, it works when the user is logged on somwhere, else it fails.

...

No, sorry, I know not what the hell is happening.

I have never encountered this before at All.

As I stated I have another server with an identical set-up which works flawlessly.

Anyone?

(NOTE TO SELF: We will now proceed to test once more if I asked something that nobody is able to figure out. I have asked six questions maybe on neowin since I joined -- none were answered :p)

[travelcard]

It needs to be something that runs are a service in order for it to run while logged off.

It may be something that already runs as a service. If so, you can ignore the following. You can actually make anything run as a service, these instruction set "Second Copy" to run as a service, but you can adapt it for anything:

Running Second Copy as an NT Service

You can configure Second Copy to run as an NT Service if you have the SrvAny.exe utility that comes with Microsoft NT Resource kit.

1. Install Second Copy using defaults

2. Configure any profiles as necessary. Also, edit the options and uncheck the box "show progress" in the performance tab, and "show message box....." in the copy tab

3. Copy INSTSRV.EXE and SRVANY.EXE from the NT Resource Kit to C:\WinNT

4. Run "INSTSRV SecondCopy c:\WinNT\srvany.exe"

5. Using REGEDT32 find the following key:- HKEY_LOCAL_MACHINE\

SYSTEM

\CurrentControlSet

\Services

\SecondCopy

6. Create a new key called "Parameters"

7. Create a new REG_SZ value under it called "Application" and give it the value c:\Program Files\Second Copy 97\sc97.exe

(For Second Copy 2000 use c:\Program Files\SecCopy\SecCopy.exe)

8. Run Control Panel, Services, find the SecondCopy service and change the Startup settings for the service to log on as an account that has the relevant read/write permission for what you want SecondCopy to do (usually a member of the Backup Operators group should be okay).

9. Start the service.

Note: To run Second Copy interactively (to add/change profiles etc), you must stop/pause the service.

[mr_daemon]

Well uhm... it's a scheduled task, not a service -- it is set up using the task scheduler...

And as far as I know, you don't need to do that.

And how would a service make something run every X hour every Y day...

Unless of course it is something new from 2003, because we have a 2k box that works fine...

Anyone?

[jonovate]

I skimmed, but have the task run under a service account (in 2003, NT AUTHORITY\SYSTEM, make sure you set the password on it the first time, then ignore the password fields when you pick the account later on)

[SAXD]

mr_da3m0n -- here's the answer that you're looking for:

Check which GPOs are being applied to the server (is this a member server or a DC?)

Check the value(s) of: Computer Configuration--Windows Settings--Security Settings--Local Policies/User Rights Assignment--"Log on as batch job"

You'll need the username that the scheduled tasks are running under added.

Cheers :)

Edit part: If you're uncomfortable/unfamiliar with Group Policy (I see you're a prior NT4 admin) the you should really check out the Group Policy Management Console. It installs on an XP SP1 (or newer) workstation and lets you easily manage your GPOs (with Active Directory Users and Computers --ADUC-- as well).

It's a free download from Microsoft.

Edited April 11, 2005 by Z3romus