Monday, 18 February 2013

Scheduled PowerShell Tasks

When setting up a PowerShell scheduled task, the program should be:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

The arguments should be the location of the PowerShell script:
-command ". '<location of script.ps1>'"

The arguments for an Exchange task are slightly different, as you will need to run an Exchange PowerShell session to load the required modules:
-command ". 'D:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer <CAS Server>; <script.ps1>"


Note to self: the sender address for a Windows scheduled task on an Exchange server using the PowerShell command Send-MailMessage seems to need to match the email address of the account running the task.

Update: security policy may stop you from saving the password for the account running the task. Check this policy in either local or group policy.

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\
Policy: Network access: Do not allow storage of passwords and credentials for network authentication
Set this policy to Disabled to allow the password to be saved.

Friday, 8 February 2013

RDP with NLA

I recently enabled Network Level Authentication for RDP on some servers to close a security audit point and found a problem with accounts that have computers configured under the userWorkstations attribute in AD. This is set on the Account tab using the "Log On To" button. If the account used for RDP to a remote machine isn't allowed to log on to the local machine, then RDP will fail with the error "the local security authority cannot be contacted." It didn't strike me as the most obvious thing, as I assumed all authentication would be with the remote machine for NLA, but it appears the user must authenticate locally first to create the RDP session.
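
One way to find affected accounts before enabling NLA, as an added example that is not part of the original post: the function reports accounts whose userWorkstations list omits either the machine running the RDP client or the target server. The function name, account names and computer names are constructed for illustration.

```powershell
# Added example: hypothetical function name, constructed account and computer names.
function Get-NlaLogonGap {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Account,        # needs SamAccountName, userWorkstations
        [Parameter(Mandatory = $true)] [string]   $ClientComputer, # machine running the RDP client
        [Parameter(Mandatory = $true)] [string]   $TargetServer    # machine being connected to
    )
    foreach ($a in $Account) {
        # An empty attribute means the account has no "Log On To" restriction.
        if ([string]::IsNullOrEmpty($a.userWorkstations)) { continue }

        # The attribute holds a comma-separated list of computer names.
        $allowed = @($a.userWorkstations -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })

        # -contains compares strings case-insensitively.
        $clientOk = $allowed -contains $ClientComputer
        $targetOk = $allowed -contains $TargetServer

        # Report only accounts that are missing one side of the connection.
        if (-not ($clientOk -and $targetOk)) {
            New-Object psobject -Property @{
                Account       = $a.SamAccountName
                ClientAllowed = $clientOk
                TargetAllowed = $targetOk
                LogOnTo       = $allowed -join ', '
            }
        }
    }
}

# Constructed sample data; with the ActiveDirectory module the same objects come from:
#   Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties userWorkstations
$sample = @(
    New-Object psobject -Property @{ SamAccountName = 'svc-backup'; userWorkstations = 'SRV01,SRV02' }
    New-Object psobject -Property @{ SamAccountName = 'adm-jane';   userWorkstations = 'ADMINPC01, SRV01' }
    New-Object psobject -Property @{ SamAccountName = 'adm-raj';    userWorkstations = '' }
)

Get-NlaLogonGap -Account $sample -ClientComputer 'ADMINPC01' -TargetServer 'SRV01' |
    Format-Table Account, ClientAllowed, TargetAllowed, LogOnTo -AutoSize
```

A row with ClientAllowed set to False is the case described above: the account can log on to the server but not to the machine the RDP client runs on.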