Scheduled task deployed via GP, that runs a powershell script on a network share by a AD service account


I've created a powershell script that runs Chocolatey updates as well as does some logging locally and on a network share. The script itself resides on a network share, and I'm hoping to be able to have clients run it from there.

The idea is that I deploy the scheduled task to run the script via GPO. I've tried doing so as with a computer policy and a user policy, and defining the active directory service account in the scheduled task GPO gui.

For actions, I chose powershell.exe -NonInteractive -WindowStyle Hidden -ExecutionPolicy bypass -file \\networkshare\scripts\script.ps1

Under security options I define the service account to run the task and check "Run whether user is logged on or not", and "Run with highest privileges"

This service account, for troubleshooting purposes is the OUADMIN group, and I confirmed that the account has access to the network share.

I apply the GPO to my machine, check in event log, and I find this error:

The computer 'ChocoUpdate' preference item in the Chocolatey Sch Task Testing {BDF8E170-C909-4115-8909-D42792DF977A} Group Policy Object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.

What am I missing here? Is there a better way to do this?

asked on Server Fault Jun 2, 2015 by greasewiz • edited Jun 2, 2015 by sebix

1 Answer


This error indicates a permissions issue with the GPO, not with your script. You can verify this by scheduling it manually in task scheduler on the local machine and checking that it works then (and/or manually running the task).

Check the permissions on the GPO under Security Filtering on the Scope tab, and also check the granular permissions on the Delegation tab. The computer account to which you're assigning the GPO must have appropriate permissions to read and run the GPO.

answered on Server Fault Jun 3, 2015 by Matt

User contributions licensed under CC BY-SA 3.0