0

I have created a FailedLogon task in GPO similar to this https://woshub.com/scheduled-task-gpo/ The task gets deployed if I run it as SYSTEM. But when trying to run it under a service account srv_tasks it doesn't schedule the task. And in the event logs I see this:

The computer 'FailedLogonTask' preference item in the 'FailedLogonTask{70C9DC24-A2C3-4857-8443-2CFF638B7D00}' Group Policy Object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.

Note that I applied the GPO to Test Machines ou which has Domain Admin delegation. The service account srv_tasks is member of the Domain Admins in AD.

I have even tried adding the srv_tasks as admin locally on one of my test machines and still can't get the GPO task applied on some of the machines. It does work on others.

Fyi, when I deploy the task using the srv_tasks account in GPO it doesn't ask for password.

imaxt
  • 1
  • 1
  • Likely related to PowerShell execution policy as per this post: https://learn.microsoft.com/en-us/answers/questions/529154/task-schedule-is-not-working-thru-gpo but it seems like more detail is needed to not guess. I'm surprised you have it domain admin or local admin permission to run this. If that's not needed and you work it out, test after removing both those to ensure it works. Once you remove it from Domain Admins, test it again while it's not domain admin a day later too and be sure you reboot that machine the next day before you start testing it for extra thoroughness. – Pimp Juice IT Mar 13 '23 at 20:28

0 Answers0