Monday, April 30, 2012

Task Scheduler Does Not Save Network Credentials

Whether it’s PCI, HIPAA, CSOX or another compliance program that affects your organization, server hardening is most likely part of the program. It’s one thing to provision a hardened server and then get your application installed and working correctly; your server’s behavior doesn’t change after it’s provisioned. However, when the hardening settings are pushed out post-production, the server’s behavior may change so that things that once worked no longer do. For example, recently I had an issue where a scheduled task on one of my servers would no longer store the network credentials of the service account that was running the job. What once worked no longer did.

After a little digging I found that a security setting on the box had been updated. The setting "Network access: Do not allow storage of credentials or .NET Passports for network authentication" had been changed from Disabled to Enabled in the local security policy. For more information on this setting, check out TechNet. Once this setting was reverted to its default, the scheduled task could be set to use a domain service account.
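
A read-only pre-change check for this situation, added here as an example and not part of the original post: it reports whether the policy is currently enabled and lists the scheduled tasks that run with a stored password, so they can be reviewed before the hardening setting is pushed. It assumes the policy is backed by the `DisableDomainCreds` registry value under the `Lsa` key, that tasks with a `Password` logon type are the ones that depend on stored credentials, and that the `ScheduledTasks` module (Windows Server 2012 / Windows 8 or later) is available.

```powershell
# Added example, not from the original post. Read-only: it changes no settings.
# Assumption: the policy "Network access: Do not allow storage of credentials..."
# is stored as the DWORD DisableDomainCreds under the Lsa key (1 = Enabled).
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa    = Get-ItemProperty -Path $lsaKey -Name DisableDomainCreds -ErrorAction SilentlyContinue

# A missing value is treated as the default (Disabled).
$policyEnabled = ($null -ne $lsa) -and ($lsa.DisableDomainCreds -eq 1)

# Assumption: tasks whose principal logs on with a stored password are the
# ones that need the credential saved on the machine.
$storedCredTypes = 'Password', 'InteractiveOrPassword'

$affected = Get-ScheduledTask |
    Where-Object { [string]$_.Principal.LogonType -in $storedCredTypes } |
    Select-Object TaskPath, TaskName,
        @{ Name = 'RunAs';     Expression = { $_.Principal.UserId } },
        @{ Name = 'LogonType'; Expression = { [string]$_.Principal.LogonType } }

if ($policyEnabled) {
    Write-Output 'Policy is ENABLED: network credentials cannot be stored on this machine.'
} else {
    Write-Output 'Policy is DISABLED (default): network credentials can be stored.'
}

if ($affected) {
    Write-Output ('Scheduled tasks that rely on a stored password: {0}' -f @($affected).Count)
    $affected | Sort-Object TaskPath, TaskName | Format-Table -AutoSize
} else {
    Write-Output 'No scheduled tasks use a stored password.'
}
```

Running it on a server before and after a hardening baseline is applied shows which jobs need an alternative to a stored domain password, or a documented exception to the setting.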