What are the minimal rights to connect remotely to a taskscheduler service on another server?
using (TaskService ts = new TaskService ("\\servername", "account", "domain", "password"))
Task t = ts.GetTask("MyTask");
The "account" is a valid account on our domain.
If the "account" is member of the local administrator group on the remote server, it works. The code can connect and run successfully the task.
But I don't want to put this account in the local administrator group on the remote server!
If I give the account only the right "Log on as batch job", I get
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.Win32.TaskScheduler.V2Interop.TaskSchedulerClass.Connect(Object serverName, Object user, Object domain, Object password)
In the Event Viewer I see a successful logon of the account and directly a logoff, probably because of the error.
(when the account is in the admin group, I see only a successful logon in the Event Viewer)
- Some mentioned on the internet to add read and execute rights for the used account on the c:\windows\system32\tasks folder ==> Like I thought already
didn't work, the error appears on the first line of the code when trying to connect, before trying to execute a task.
- Because of the word "Interop" in the error stack, I thought at a COM security problem, so I added the account to the COM security tab in the two sections
(run dcomcnfg, right-click on My Computer, take tab COM Security, add the account to Access Permissions and to Launch and Activation Permissions)
==> didn't work.
The windows firewall is disabled on the remote server, so it can't play a role here.
Any thoughts about this?
Is adding the account to the local administrator group the only way to connect remotely to the taskscheduler service?