On Windows Server 2008 R2, one must specify a user for each scheduled task to run under.
We have a policy whereby each domain user must change their password every 30 days.
This creates a problem, as we have many scheduled tasks that need to run on a large number of servers. When the user associated with a given scheduled task's changes his/her password (as required every 30 days), the tasks all stop working (until you log in and change the password on the task).
We tried to run the scheduled tasks under the SYSTEM account but this did not work.
I have thought of creating a new account (SCHED_TASK) that can not log in interactively, is an administrator, and is exempted from the password change requirements.
This seems very much a "hack" to me. Is there a better way or a built in account of some sort that we should use?
What is the best practice in this instance?