PL
Configured tasks can be started using Ivanti EPM Scheduler Service.
It is advised, to configure Landesk Scheduler Service (SchedSvc) with a domain user account. This account should have administrative privileges to managed systems.
During the initial configuration of CORE server the LocalSystem account is replaced with domain user account or even domain admin user account.
I would like to check if Scheduler service configured with LocalSystem account can manage a domain computer using server CORE domain computer account. Ivanti EPM version 2020.1 was used for LAB tests.
A domain global group called “WorkstationAdmins” was cereated with server CORE domain computer account as a member.
Using a GPO object with Preferences domain group WorkstationAdmins is added to local Administrators group.
Having described configuration finished, you can start a test. Testing workstation (inside OU targeted by GPO) should be discovered first (by network scan). Then this device is dragged into Windows Agent Configuration task and task is started.
The task is working for some time and the machine appears to be managed by Ivanti EPM.
As you can see the task was successful and EPM Agent was installed.
You can check there is no alternate credentials to be used by the scheduler service:
You can leave the LocalSystem account as Landesk Scheduler Service (SchedSvc) account and using the computer account of CORE Server assure the ability to manage domain computers without using a dedicated domain account especially a domain admin account. There is no service user account, then there is no password change problem.