[gptalk] Re: disable Integrated Windows Authentication in IE6 w/ GP

  • From: "Randy Benson" <randybenson@xxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 21 May 2007 17:00:05 -0700

Thanks Jamie, I'll try that tonight and report back...
 
Questions: 
 
What rights does SYSTEM need (that it doesn't have by default) to run
NTBACKUP?
 
The SYSTEM account is a GROUP for permission purposes, right? Do I leave the
password blank when I change the account to SYSTEM?
 
Thanks again,
Randy


  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Monday, May 21, 2007 12:38 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: disable Integrated Windows Authentication in IE6 w/ GP



Have you tried running the task with the SYSTEM account and then giving the
computer rights to wherever it needs to copy the file to? That is easier
anyway because you don't have to go around updating every scheduled task
each time you change your password.

 

//signed//
Jamie R Nelson
Systems Engineer
Ingenium Corporation


  _____  


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Randy Benson
Sent: Monday, May 21, 2007 2:33 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] disable Integrated Windows Authentication in IE6 w/ GP

 

On a W2k3 domain controller I have a scheduled task that invokes a batch
file to zip an existing .bkf file and move it to off-server storage.

 

The task is set to run under my domain admin credentials, but fails to start
with no errors in the event log and "Could not start" in the Scheduled
Task's status line.

 

While googling on "integrated windows authentication" + scheduled, I hit on
a thread in microsoft.public.windows.server.security titled "Scheduled Tasks
- Strange Permissions Issue" that seems to have cured the problem by
disabling IWA in Internet Explorer(!) Options ->Advanced -> Enable IWA on
the DC.

 

However, I'm worried that this is not a good solution as Roger Abell pointed
out - that is, "the issue is still sitting there waiting to foul up an NTLM
based Windows integrated (re)login attempt"; 

 

My question is:

 

Is there something I can tweak in my DC GP to allow scheduled tasks to run
with IWA enabled?

 

TIA,

Randy Benson

W. R. BENSON & ASSOCIATES

Los Angeles, CA USA

 

 

Other related posts: