Group Policy Preference and Scheduled Tasks

For some reason it’s always the details in the basics that are the longest hurdle to get over. This particular topic is something that always needs to be re-googled before the last details are sorted out.

Purpose

To create a schedule task to either run as the system-account or the interactive user via Group Policy Preference.

The detail:

When resolving SYSTEM the normally resolved identity is BUILTIN\SYSTEM. Interactive is normally not able to resolve at all. This normally results in the following error client side when attempting to apply the Group Policy

‘0x80070534 No mapping between account names and security IDs was done.’

What should be done?

Click the Change User or Group and select the domain of your environment, and proceed to select the Builtin-container. This will resolve both Interactive (running in the user context of the logged on user) and system to NT Authority.

image

End-result;

image

or

image