
Access Denied for batch file


SteveAudus

Technical User
Oct 4, 2001
409
GB
Dear All,
I have a batch file that is set to run each night, that clears unwanted profiles and temp files from all my workstations. But the strange thing is, when I come in in the morning, I have loads of this error from the file.

"AdjustTokenPrileges enable failed. Access is denied"

But the strange thing is, if I just click on the bat file,
it will run through brilliantly with no Access errors...!!!

It is only when the scheduled batch file runs in the middle
of the night that I receive the errors.

Any Suggestions?

Steve Audus
Chaucer Community School


 
Check the account that the scheduler service uses.

It shouldn't be the system account. If it is, change it.
 
Create a domain account with the rights that the user needs. Say 'Domain Admins', and drop that group in every PC's local admin group. Then schedule each bat file on each PC to run as the new domain user, who is admin, every night.

If you right click the scheduled task, then Properties, look at the 'Run As'. This is where you will enter the new domain user. Remember to include the domain name also, like such:


XYZDomain\batchuser



HTH - Mike
 
And use User Manager for Domains to make sure that the account you set up to run the Scheduler service has that 'AdjustTokenPrivileges' right assigned to it.

ShackDaddy
 
I'm sorry, I am just confused now.

The scheduled batch file is run on the server, by the Administrator user. It just deletes items from the workstations; it's not run on the workstations.

Surely the Administrator has the rights to carry out these actions? It does when I click on it.

How do I right click on the scheduled task when it's just an "AT" command on the cmd line?

And how do I use the User Manager for Domains to make sure that the administrator that is set up to run the Scheduler service has that 'AdjustTokenPrivileges' right assigned to it? I can't find anything under User Policy Rights about AdjustTokenPrivileges; the only things close are "Create Token Object" and "Replace a process Level Token", and administrator has rights for everything.

Sorry if I am being stupid.

Thanks for your help.

Steve Audus
Chaucer Community School



 
On the server go to Start - Settings - Control Panel.
In the Control Panel there will be an applet called Services. Open this and go down to the Schedule service. Click on Startup and there should be a section "Log in As".
Make sure this is not set to the system account, as this account does not have networking rights.
 
Steve:

Did you ever get this to work? I have the exact same situation. I have a batch file that won't run via AT scheduler on NT 4.0, but when I log on locally, it will run fine. Any ideas that worked?

Thanks!

Sarah
 
If you run NT Explorer from your server console, you should see an item called scheduled tasks, there should be an entry on the right hand pane for your task...??? Double click on the Icon for the task you need to modify...on the "Task" tab there's an entry at the bottom for "Run as:", in the box you need to enter a Domain User name with full network privileges - enter the name as DomainName\Username....(yourdomain\administrator)...

Even if you have entered the task using the AT command when logged on as Administrator, as Ensorg has said the Task Scheduler on your server is using the Local System account to run tasks, this account has no rights to access network resources....

Hope this helps.....
 
Thanks for all this help, it's great...

I have checked the Task Scheduler in Services,
and the strange thing is the tick box for
Allow Service to interact with Desktop is the only available option.
Everything else is greyed out. Any suggestions?

Also, using the Scheduled Tasks in my NT Explorer
(which I am sure didn't used to be there),
I have looked at the task to run the batch file.
The task runs as DOMAIN\Administrator.
Do I have to enter the password for Administrator?

Thanks again for all the help.
Steve Audus
Chaucer community School
 
Are you not able to select "This Account"? See image below.

service.jpg
 
Ensorg is this the "default" Task Scheduler from the basic NT install....???? If I check on our servers the service is named as "Task Scheduler".....???? I'm unable to change the start-up options for Task Scheduler, it seems it must default to local System account....

I'm sure in the past I've always had to enter the name of the account to use for the task within Task Scheduler if I needed the task to access network resources....

Steve, you need to click on the Set Password tab and enter the appropriate password for the account you set up for the job to run under......




 
Hi Highland,

On my server NT4 - SP6a the service is named "Scheduler".

I do all my scheduling using WINAT. I'm not sure if it's an option to install the Task Scheduler, as it does not appear on my NT server under My Computer in the way that it appears on my 2000 PC.
 
ensorg,
yes, everything on Task Scheduler in Services is greyed out like I said... strange... it's the same on my workstation.

I also did all my scheduling using WINAT, because I could swear that Scheduled Tasks in My Computer didn't used to be there. That's why I learned to use AT and WINAT.


Highland,
I will go to the Task Scheduler, find my scheduled batch file
and type my Administrator password on it.

We will have to wait till Monday morning to see if it's worked.

I will let you all know,
Cheers
Steve
 
1) You don't have to do anything with the 'Task Scheduler' service. Just go to START/SETTINGS/CONTROL PANEL/SCHEDULED TASKS. Set your task 'Run As' to be a domain user who has rights to run as a service and batch.

2) Open up User Manager for Domains: START/PROGRAMS/ADMINISTRATIVE TOOLS/USER MANAGER FOR DOMAINS.
Then find the user that you are going to use to run the task. Highlight that user, then click Policies at the top of UMFD, then User Rights. Once the dialog box pops up, click Show Advanced User Rights. You will see a drop-down box named (Right:). Scroll down to the ('Logon as a batch job', 'Log on locally', and 'Logon as a service') rights; your user needs to be listed here.

Try that. HTH
 
Well it's worked. YIIPPPIIIEEEE!!!!

Thanks all for your suggestions and help.

I believe it was entering the password on
the task in Scheduled Tasks in My Computer
that solved the problem. I don't know how you would do this from AT or WINAT?

I have checked out Stiddy's suggestion,
and it was the Administrator that was running the tasks,
and that user has full rights anyway, but thanks for the suggestion.

Thanks to everyone that helped me out on this query.
Highland, ensorg, Stiddy.

Hope your batch files work now as well, Sarah.

Steve Audus
Chaucer Community School
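
An added example, not part of any post in this thread: a pre-flight wrapper for the nightly batch file that logs which account the scheduler actually ran it under and tests access to a workstation share before any cleanup runs. The workstation name WS01, the log path C:\Logs and cleanup.bat are placeholders (assumptions), not values from the thread.

```batch
@echo off
rem Added example: pre-flight check for a scheduled cleanup job.
rem WS01, C:\Logs and cleanup.bat are placeholders, not values from the thread.
setlocal
set TARGET=\\WS01\C$
set LOG=C:\Logs\cleanup-preflight.log

rem Record when the job ran and the account context it actually received.
rem Compare this entry between an interactive run and a scheduled run.
echo ---- run started ---- >>"%LOG%"
date /t >>"%LOG%"
time /t >>"%LOG%"
echo Account: %USERDOMAIN%\%USERNAME% >>"%LOG%"

rem Probe the remote share before deleting anything. Any error text from
rem the probe (for example "Access is denied") is appended to the log.
dir "%TARGET%" >nul 2>>"%LOG%"
if errorlevel 1 goto noaccess

echo Access to %TARGET% OK, starting cleanup. >>"%LOG%"
rem The real cleanup steps go here, for example:
rem call cleanup.bat
goto end

:noaccess
rem Stop before any cleanup so a context problem shows up as one clear log
rem line instead of a stream of errors from every delete command.
echo No access to %TARGET%. Check the account the task runs as. >>"%LOG%"

:end
endlocal
```

Scheduling this wrapper in place of the cleanup file gives a log entry per night that shows whether the job ran under the account entered in 'Run As' and whether that account could reach the workstation.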
 