Thought experiment
Running batch jobs as an administrator
In this thought experiment, apply what you've learned about this objective. You can
find answers to these questions in the “Answers” section at the end of this chapter.
You are the network administrator for TreyResearch.net. Your environment requires
administrative privilege to perform periodic backup and cleanup operations. You
want to automate these operations without adding an administrative account that
could create a potential security exposure. You create a Windows PowerShell script,
Start-myDailyCleanup.ps1, to run the tasks, and it works when run interactively by
an administrator.
1. What kind of account should you use to run the script automatically?
A. Regular user account with Run as Batch permissions
B. MSA
C. Virtual account
D. gMSA
2. Which commands do you use to initialize the environment for your chosen
account?
3. What other considerations are there for running the script as a scheduled task?
Objective summary
Service accounts are local or domain accounts created for and used by local
applications and services.
MSAs are Active Directory accounts that are tied to a specific computer.
MSAs use a complex generated password that is maintained automatically.
gMSAs extend MSAs to support multiple servers with a single account.
gMSAs can be used for scheduled tasks, IIS application pools, SQL Server, and
Microsoft Exchange.
Kerberos delegation is improved in Windows Server 2012 and Windows Server 2012 R2
to provide resource-based Kerberos delegation.
Virtual accounts are automatically created when you assign them to a service or IIS
AppPool. They require no additional management and are a good solution for services
that don't require network access to resources.
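The summary notes that gMSAs can be used for scheduled tasks. As an added example (not from the book), the following PowerShell creates a gMSA and registers the Start-myDailyCleanup.ps1 script from the thought experiment as a daily task that runs under it. The account name gmsa-cleanup, the group CleanupHosts, the NetBIOS domain name TREYRESEARCH, the script path, and the schedule are assumptions.

```powershell
# Added example. Assumed names: gmsa-cleanup, CleanupHosts, TREYRESEARCH, C:\Scripts.

# --- On a domain controller, as a domain administrator ---
Import-Module ActiveDirectory

# A KDS root key is needed once per forest before any gMSA can be created.
# Domain controllers wait up to 10 hours after creation before using it.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# Only members of this group can retrieve the managed password, so limit it
# to the servers that actually run the task.
New-ADServiceAccount -Name 'gmsa-cleanup' `
    -DNSHostName 'gmsa-cleanup.treyresearch.net' `
    -PrincipalsAllowedToRetrieveManagedPassword 'CleanupHosts'

# --- On each server that runs the task (needs the ActiveDirectory module) ---
Install-ADServiceAccount -Identity 'gmsa-cleanup'
if (-not (Test-ADServiceAccount -Identity 'gmsa-cleanup')) {
    throw 'This host cannot retrieve the gMSA password; check group membership.'
}

# The script runs with administrative rights, so list who can modify it and
# confirm that only administrators have write access before scheduling it.
$script = 'C:\Scripts\Start-myDailyCleanup.ps1'
(Get-Acl -Path $script).Access |
    Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType

$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -File `"$script`""
$trigger = New-ScheduledTaskTrigger -Daily -At '02:00'

# Note the trailing $ on the account name. LogonType Password tells Task
# Scheduler to obtain the managed password itself; none is stored in the task.
$principal = New-ScheduledTaskPrincipal -UserId 'TREYRESEARCH\gmsa-cleanup$' `
    -LogonType Password -RunLevel Highest

Register-ScheduledTask -TaskName 'DailyCleanup' -Action $action `
    -Trigger $trigger -Principal $principal
```

The gMSA also needs the "Log on as a batch job" right on the server, plus whatever local group membership the backup and cleanup operations require.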
 
 