I'm trying to run a PowerShell script as a service account via Task Scheduler. It has to run as the service account (rather than the local system) to get the required permissions to do some of the tasks.
For security purposes, all service accounts in the domain cannot log into machines (set via GPO "Deny log on locally" and "Deny log on through Remote Desktop Services").
Unfortunately, setting this policy disables PowerShell from working.
Is there any way to launch PowerShell without the ability to log on to the PC? I've tried using the -NoProfile switch but it also doesn't work.
The only solution I've come up with is to create a different account (outside of our "service account" group that denies local log in) and limit this account to log on to the single machine that the script needs to run on.
If your service account has been denied permission to log on then it won't be able to log in. Ask your security people to see if you can set the GPO of "Deny Interactive Login" for that PC.
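Added example, not part of the original question or answer: a PowerShell check, run elevated on the machine that hosts the task, of which principals the effective local policy assigns the logon rights involved here. The account name `CONTOSO\svc-script` is a placeholder, and the two batch-logon rights are included on the assumption that the task runs with stored credentials, which Task Scheduler starts as a batch logon.

```powershell
# Added example. CONTOSO\svc-script is a placeholder account name (assumption).
param([string]$Account = 'CONTOSO\svc-script')

# User-rights constants and the policy names shown in the GPO editor.
$rights = [ordered]@{
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
    SeBatchLogonRight                 = 'Log on as a batch job'
    SeDenyBatchLogonRight             = 'Deny log on as a batch job'
}

$accountSid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export the effective user-rights assignments (local policy merged with GPO).
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

try {
    $lines = Get-Content -Path $cfg
    foreach ($right in $rights.Keys) {
        # A right that nobody holds has no line in the export at all.
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = ($line -split '=', 2)[1].Split(',') |
                ForEach-Object { $_.Trim() } | Where-Object { $_ }
        }
        $resolved = foreach ($h in $holders) {
            if ($h.StartsWith('*')) {
                # Entries written as *S-1-... are SIDs; resolve them where possible.
                $sid = [System.Security.Principal.SecurityIdentifier]$h.TrimStart('*')
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = $sid.Value }
                [pscustomobject]@{ Name = $name; Sid = $sid.Value }
            } else {
                [pscustomobject]@{ Name = $h; Sid = $null }
            }
        }
        [pscustomobject]@{
            Policy               = $rights[$right]
            AssignedTo           = ($resolved.Name -join '; ')
            ListsAccountDirectly = [bool]($resolved |
                Where-Object { $_.Sid -eq $accountSid -or $_.Name -eq $Account })
        }
    }
} finally {
    Remove-Item $cfg -ErrorAction SilentlyContinue
}
```

`ListsAccountDirectly` only reports entries that name the account itself; rights assigned through a group, such as the "service account" group in the question, appear under `AssignedTo` and have to be compared against the account's group membership.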