How to determine if a task or policy is being run under a specified user account
search cancel

How to determine if a task or policy is being run under a specified user account

book

Article ID: 170069

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

By default, a task or policy is set to run as Local System Account. If you were to click on the "Advanced" button of a given task or policy, you would be able to specify an account used to run the task or policy:

Environment

Symantec Management Platform 8.5, 8.6, 8.7

Resolution

Post-8.6 RU3:

ITMS 8.6 RU3 added new reports for this: These reports are integrated into default installation under Reports>All Reports>Notification Server Management>Server>Account Management
As an IT administrator, you can identify tasks and policies executed using custom credentials (other than the system account or the logged-on user), so you can determine the cause of authentication failures (inactive accounts or accounts with password changes).

5 reports have been added to help identify such cases:
-Collect Inventory with Specific User
-Managed Delivery with Specific User (each package can be installed with different credentials)
-Software Delivery with Specific User (Quick Delivery tasks)
-Task with Specific User (Script tasks)
-Directory Import with Specific User (AD Import)

You can also check any Task that may be running and compare what could be running on a regular basis:
KB 256311 "How to flush running or pending jobs within End user system" 

 

Pre-8.6 RU3:

If you would need to know what tasks are configured to run under an alternate account, follow these steps:

1. Open the attached "Find_Policy_or_Task_Using_Specified_User_Account.sql" SQL Query in SQL Server Management Studio.

2. Modify this line in the code with a specific user account that you are looking for:



3. Execute the modified SQL Query.


Note:
As well you can try running the following simplified queries just to have a general idea if there is something using the desired account:

--Query 1 (looking for places that were modified by the desired account (in this example 'epm\Administrator'):
select i.Name, cast (replace (cast (i.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') as xml)
from Item i
where replace (cast (i.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') like '%Administrator%'


--Query 2 (looking for places that were set to execute by the desired account (in this example 'epm\Administrator'):
select i.Name, cast (replace (cast (ivd.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') as xml), i.Guid
from Item i
join ItemVersions iv on iv.ItemGuid = i.Guid
join ItemVersionData ivd on ivd.VersionGuid = iv.VersionGuid
where replace (cast (ivd.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') like '%Administrator%'

Attachments

Find_Policy_or_Task_Using_Specified_User_Account.sql get_app