Determine if a task or policy is being run under a specified user account
search cancel

Determine if a task or policy is being run under a specified user account

book

Article ID: 170069

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

By default, a task or policy is set to run as Local System Account. If you were to click on the "Advanced" button of a given task or policy, you would be able to specify an account used to run the task or policy:

Resolution

Post-8.6 RU3:

ITMS 8.6 RU3 added new reports for this: These reports are integrated into default installation under Reports>All Reports>Notification Server Management>Server>Account Management

You can identify tasks and policies executed using custom credentials (other than the system account or the logged-on user), so you can determine the cause of authentication failures (inactive accounts or accounts with password changes).

Five reports have been added to help identify such cases:

  • Collect Inventory with Specific User
  • Managed Delivery with Specific User (each package can be installed with different credentials)
  • Software Delivery with Specific User (Quick Delivery tasks)
  • Task with Specific User (Script tasks)
  • Directory Import with Specific User (AD Import)

You can also check any Task that may be running and compare what may be executing frequently:

Need to stop running or pending jobs within End user system

 

Additional Information

Steps used Pre-8.6 RU3:

If you would need to know what tasks are configured to run under an alternate account, follow these steps:

1. Open the attached "Find_Policy_or_Task_Using_Specified_User_Account.sql" SQL Query in SQL Server Management Studio.

2. Modify this line in the code with a specific user account that you are looking for:

3. Execute the modified SQL Query.


NOTE: Also you can try running the following simplified queries just to have a general idea if there is something using the desired account:
Query 1: Looking for places that were modified by the desired account (in this example 'epm\Administrator'):

select i.Name, cast (replace (cast (i.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') as xml)
from Item i
where replace (cast (i.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') like '%Administrator%'


Query 2: Looking for places that were set to execute by the desired account (in this example 'epm\Administrator'):

select i.Name, cast (replace (cast (ivd.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') as xml), i.Guid
from Item i
join ItemVersions iv on iv.ItemGuid = i.Guid
join ItemVersionData ivd on ivd.VersionGuid = iv.VersionGuid
where replace (cast (ivd.State as nvarchar (max)), '<modifiedBy>epm\Administrator</modifiedBy>', '') like '%Administrator%'

Attachments

Find_Policy_or_Task_Using_Specified_User_Account.sql get_app
Powered by Wolken Software