env variable: username returns hostname within a Scheduled Task - GPO

Question

I am editing a Group Policy Scheduled Task. In General, Security Options "When running the task, use the following user account:" I have the following-

%USERDOMAIN%\%USERNAME%

Updating the gpo, and checking the result on a workstation, I see that the UserDomain was set correctly, except that the Username was NOT set correctly. It actually put the Hostname of the computer instead...example result:

CorrectDomain\PRMRH$

There are no errors, nothing in the event logs. It just will not run. I removed the %USERDOMAIN% and left just %USERNAME%, it will display "PRMRH$" in the scheduled task.

Should I be using something other than %USERNAME% ??

EDIT: MS HELP FILE STATES:

Security options Configure the security context under which the task is run.

• If the preference item is part of Computer Configuration , by default the task is run in the security context of the SYSTEM account.

• If the preference item is part of User Configuration , by default the task is run in the security context of the logged-on user. Unless you provide credentials, the task is run only if the user is logged on to the computer, but can continue after the user logs off.

• To run a task under the security context of a specified account (regardless of whether that account is logged on), click Change User or Group , enter credentials for the account, and then click Run whether user is logged on or not .

Did you add the task in Computer- or Userconfiguration in the GPO? CorrectDomain\PRMRH$ is the computers account in the domain not the hostname. — lsmooth, Sep 11 '13 at 16:43
OK, I tried using the "SYSTEM" account, no luck. It will not run with it. BUT it will run with "BUILTIN\users" — Logman, Sep 11 '13 at 20:10

lsmooth · Accepted Answer · 2013-09-11T22:36:46.643

The Computer Configuration part of a GPO is applied when the machine boots before you can login. The User Configuration part of a GPO is applied whenever a user logs in. That is also the reason why you have to reboot the machine when you change certain settings in the Computer Configuration while you only need to log out and back in when you changed the User Configuration.

So when you add a scheduled task to the Computer Configuration it will be applied using the machine account CorrectDomain\PRMRH$ and also executed with it in your case. If you want the task to be executed for each user that logs onto a computer you need to add it to the User Configuration of the GPO.

env variable: username returns hostname within a Scheduled Task - GPO

1 Answers1