Invoke-CommandAs icon indicating copy to clipboard operation
Invoke-CommandAs copied to clipboard
verified publisher icon mkellerman

Can't figure out the right amount of permission

Open mieel opened this issue 5 years ago • 2 comments

I'm having trouble to figure this out for a couple days, I was hoping you might have some insight:

Running this Invoke-CommandAs -ScriptBlock { Write-Output 'Test'} -AsUser $credObject -verbose as a normal user, returns

Invoke-ScheduledTask : Task was unable to be executed.
At C:\Program 
Files\WindowsPowerShell\Modules\Invoke-CommandAs\3.1.6\public\Invoke-CommandAs.ps1:399 char:17
+                 Invoke-ScheduledTask @Parameters

Fair enough, not every user needs to have permission to create Scheduled Tasks. When I assign log on as a batch job to the user, no errors comes back, but! I get no Output.

Investigating the $error[0] variable I could see that under hoods there was an error: Get-Job : The command cannot find the job because the job name <GUID> was not found. Verify the value of the Name parameter, and then try the command again.

For now, I only got it working if I add the user to the local Adminstrator group. Any idea what the exact permissions are?

mieel avatar Apr 16 '20 11:04 mieel

It might be an issue with the user that is used to create the task, has to be the user used to Invoke the Command.

So add: -Credential $credObject

cross fingers

mkellerman avatar Apr 16 '20 17:04 mkellerman

Invoke-CommandAs -ScriptBlock { Write-Output 'Test'} -AsUser $credObject -Credential $credObject -verbose Invoke-CommandAs : Parameter set cannot be resolved using the specified named parameters. At line:1 char:1

mieel avatar Apr 16 '20 19:04 mieel