I am testing scripts on my Domain Controllers and they are not running.  So I built a custom inventory rule that just returns "whoami".  This obviously returns "nt authority\system" as expected for all non-Domain Controllers.  It does not run on the domain controllers, so I do not know what context the agent runs under.  A couple other custom inventory rules do run on the DC, so the agent can run some commands. 

Thanks for any help.

Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Community Chosen Answer



The problem was just with powershell scripts.  And the cause was that there is not a 32-bit version of powershell installed by default on Server Core 2008 R2.  Changing the script to utilize the sysnative path to access the 64-bit version of powershell resolved this problem. 

Answered 06/11/2013 by: dimitris
Purple Belt

Please log in to comment
Answer this question or Comment on this question for clarity



Active Directory has introduced new levels to server security management. If you would like to grant a remote administrator the rights to install software or services on a domain controller, that person would have to be a domain administrator.

Answered 06/10/2013 by: SMal.tmcc
Red Belt

  • That makes sense. But the agent does run on Domain Controllers and does have some level of access as all the hardware/software fields are populated on the appliance. I imagine it is with the System account. I was just wanting to confirm that this context is what it is running under and if that context should have rights to run scripts. If not, is there a non domain admin user setup that will allow running scripts via the appliance through the agent. Thanks.
    • You most likely installed the agent as a DA. Once installed it runs a service as system to do tasks. Due to security we do not even put the agent on any of our DC's so I can not help you with a work around, maybe someone else will give you the work around.
Please log in to comment