To update the 'Log On As' property on a Windows Scheduled Task, you will need a credential with the appropriate permissions, such as an Administrator account.
When attaching a PAM script to a record, you have the option to add a Resource Credential that is passed to the Gateway as part of the BASE64-encoded JSON data. The above credential will need to be attached as a Resource Credential.
As many Resource Credentials can be attached to a PAM script, knowing the UID
of the Resource Credential you have attached helps ensure your script uses the correct one to update the Service's 'Log On As' property.
You can use the schtasks
command to update the credentials on the Scheduled Task. This command also requires the admin credentials mentioned above to perform the task.
Unfortunately, as the schtasks
command is not a PowerShell cmdlet, so its output will not be captured by $error
. Without additional error checking, regardless of the exit status of the schtasks
command, the gateway will always show success. To solve for this, you can check $LastExitCode
after each call to schtasks
.