0

I am trying to monitor Scheduled tasks and Services remotely(from a different domain) on windows servers (domain controllers) ; we are planning to implement a minimum required delegation model for this part; i tried multiple options, but only thing which works in adding the service account to "Administrators" group, which is not desirable. How else i could achieve this with minimum delegation? Below tasks need to be implemented.

-> Read scheduled tasks either via "schtasks" or powershell commands. -> Get AD services using either WMI or powershell commands.

Please do feel free to let me know if any extra info needed.

Darktux
  • 827
  • 5
  • 20
  • 36

1 Answers1

1

Some vended solutions probably don't offer much flexibility for their pre-built monitors. But if you're committed to the goal of monitoring without admin privileges and have some flexibility, you should be able to passively monitor the results of scheduled tasks by reading the TaskScheduler event log. This can be done my non admin users who have membership in the Event Log Readers group. It is a local group on each member server, or domain local group for DC logs. Applications and Services Logs / Microsoft / Windows / TaskScheduler / Operational

If your monitor requires admin access to do the monitoring, you could add it to administrators and somewhat mitigate that by deploying a policy to Deny Local Logons for that account.

Clayton
  • 4,483
  • 16
  • 24