
I want to configure a Windows Server 2012 R2 and a Windows user (Active Directory domain) in such a way that the user has least privileges to access (read) a Windows scheduled task on a remote Windows server.

As long as I use local admins (on the remote systems) everything works fine. But I don't want to use local admins for obvious reasons, so I tried configuring a non-admin user to access scheduled tasks on a remote machine. The user X is a member of the remote local groups Distributed COM Users, Performance Monitor Users, Performance Log Users, Remote Desktop Users, and Remote Management Users. Additionally, X has Execute Methods, Remote Access, and Enable Account in WMI for the namespaces \Root\CIMV2 and \Root\Microsoft\Windows\TaskScheduler. Also, X has the permission to log on as a batch job.

When I log on with X on the remote server (PowerShell remoting) and run Get-ScheduledTaskInfo, I get:

Category : PermissionDenied
Activity : Get-ScheduledTaskInfo
Reason : CimException
TargetName : PS_ScheduledTask
TargetType : Root/Microsoft/Windows/TaskScheduler/PS_ScheduledTask

Which tells me that X does not have the appropriate WMI permissions...

I'm out of ideas. Does anyone know how to configure a user with least privileges to access remotely running scheduled tasks?

Gerald Schneider
  • Wouldn't it be easier to _schedule a task_ that exports the state of the scheduled task to a file where the user has read access? – Swisstone Oct 27 '20 at 19:00
