Env variable: username returns hostname within a Scheduled Task – GPO

environment-variablesgroup-policyscheduled-taskwindows-server-2012

I am editing a Group Policy Scheduled Task.
In General, Security Options "When running the task, use the following user account:" I have the following-

%USERDOMAIN%\%USERNAME%

Updating the gpo, and checking the result on a workstation, I see that the UserDomain was set correctly, except that the Username was NOT set correctly. It actually put the Hostname of the computer instead…example result:

CorrectDomain\PRMRH$

There are no errors, nothing in the event logs. It just will not run.
I removed the %USERDOMAIN% and left just %USERNAME%, it will display "PRMRH$" in the scheduled task.

Should I be using something other than %USERNAME% ??

EDIT: MS HELP FILE STATES:

Security options Configure the security context under which the
task is run.

• If the preference item is part of Computer
Configuration , by default the task is run in the security context of
the SYSTEM account.

• If the preference item is part of User Configuration , by default
the task is run in the security context of the logged-on user. Unless
you provide credentials, the task is run only if the user is logged on
to the computer, but can continue after the user logs off.

• To run a task under the security context of a specified account
(regardless of whether that account is logged on), click Change User
or Group , enter credentials for the account, and then click Run
whether user is logged on or not .

Best Answer

The Computer Configuration part of a GPO is applied when the machine boots before you can login. The User Configuration part of a GPO is applied whenever a user logs in. That is also the reason why you have to reboot the machine when you change certain settings in the Computer Configuration while you only need to log out and back in when you changed the User Configuration.

So when you add a scheduled task to the Computer Configuration it will be applied using the machine account CorrectDomain\PRMRH$ and also executed with it in your case. If you want the task to be executed for each user that logs onto a computer you need to add it to the User Configuration of the GPO.

Related Topic