question

ValterLafratta-0162 avatar image
0 Votes"
ValterLafratta-0162 asked ValterLafratta-0377 answered

Scheduler task, GPO and wbadmin command in Workstations

Hello everybody,

After racking my brain for three weeks trying to apply a task that executes the WBADMIN command on each workstation, I still can't find the correct answer, so I came here to ask for help.
In Windows Server I created a GPO to run a scheduled task, the task, run the wbadmin command and thus perform backups on a NAS.

The only way to deploy the task it's thru the SYSTEM account, as administrator no way jose.
The SYSTEM account cannot run the WBADMIN command. (the task starts without problem, but not the command)
I created a batch file, with the WBADMIN command, and gave the account SYSTEM the permissions (local and domain) to run the batch files. (the task run without problem, but not the command)
I created another batch file with runas command, so it can be start the first batch file (task run without problem, the batch file with runas command ask for admin credentials) (useless)
Created a user and added it to the Backup Operators and Administrator group (local and domain) change the admin in runas batch file (it doesn't execute command, access denied)
I have tried creating files in .ps1, .vbs and .exe with the same result, it just doesn't do system backup.

In Windows Server I executed the command wbadmin with the psexec commad from the pstools, and everything go as it suppost to go, but it's in Windows Server, no idea how can run psexec in every workstation.

The solution must be only based on Windows.

Am I missing something here?

Thanks in advance.

windows-10-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YuhanDeng-MSFT avatar image
0 Votes"
YuhanDeng-MSFT answered

Hi Valter,
For the wbadmin codes maybe you can refer to this topic:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin
And for the runas codes you can refer to this:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11)

This issue is actually not within the forum scope, for better support I would suggest that you try github:
https://github.com

Thanks for your understanding.
Best Regards,
Danny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ValterLafratta-0162 avatar image
0 Votes"
ValterLafratta-0162 answered YuhanDeng-MSFT commented

Hi Yuhan,

Thanks for your reply.
The wbadmin commands are very clear, though thanks for the link.
The runas command link, is a dead end, 404.

I sure will and try to ask on GitHub.
Thanks again and have a nice day!

Valter.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Valter,
Thanks for your feedback.

Have a nice day!
Best regards,
Danny

0 Votes 0 ·
ValterLafratta-0377 avatar image
0 Votes"
ValterLafratta-0377 answered

For those who are stuck in the same problem/situation than me, the solution for me was this:

  1. Created the GPO in the DC

  2. In this GPO created a task in Computer Configuration/Preferences/Control Panel Settings with the NT AUTHORITY/SYSTEM account, with the highest privileges.

  3. Added the triggers, two to be exact, one to run the task, the second to create the event on the Event Viewer under Microsoft-Windows-WindowsBackup with the Event ID 4

  4. On Actions, start psexec.exe from PsTools (click here to download the package), in the argument section, I added -i -s /accepteula C:\batchfile.bat (the batch file contain the commands for wbadmin to start the backup)

  5. For conditions and settings section, I leave you at your choice.

  6. In Computer Configuration/Preferences/Windows Settings/Folders I added to create two folders Script on C:\ and PsTools on C:\Script

  7. In Computer Configuration/Preferences/Windows Settings/Files I added to Update the batchfile to C:\Script, the psexec.exe and the eula.txt from PsTools to C:\Script\PsTools.

  8. In Computer Configuration/Preferences/Windows Settings/Control Panel Settings, I added the account SYSTEM to the local group of administrators, to update the local group.

  9. In Computer Configuration/Policies/Windows Settings/Security Settings/Local Settings/User Rights Assignment, I added the SYSTEM account to Log on as batch job setting.

  10. To conclude, I also added the SYSTEM account to the Administrators Group in the Domain Controller.

That's it.

Regards to all

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.