Scheduled Tasks do not store domain information of runas account
If you create a scheduled task in Server 2016, the domain information of the user is not saved or stored.
Getting the principal with PowerShell or exporting the task as XML does not show the domain information either.
Windows Task Scheduler now saves the user as a SID (security identifier - a bunch of numbers with hyphens in it) instead of the "DOMAIN\USERNAME" and in my case it turns out that there was a new restrictive security privilege called SeDelegateSessionUserImpersonatePrivilege that is set to disabled.
Removing this privilege fixes my issue with the Task Scheduler in that it would run a task, but not as the user that was set to "Run as".
This is one of several Task Scheduler bugs introduced in 1607. I can't believe these bugs haven't been fixed yet (no change in 1703).
Other bugs include:
- repeating tasks only start when the starting date is set in the future
- updating Shadow Copy schedules does not update the associated scheduled tasks
- scheduled tasks with multiple actions only execute the first action, unless "run only when user is logged on" is selected
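
Added example, not part of the original posts: since the thread reports that the task's principal is stored as a SID rather than "DOMAIN\USERNAME", this PowerShell sketch reads the principal from exported task XML and translates a stored SID back to an account name for auditing. The function name `Resolve-TaskPrincipal` is hypothetical, and the sample XML is constructed, using the well-known LocalSystem SID so the lookup resolves on any machine.

```powershell
# Constructed sample of exported task XML with the principal stored as a SID.
# S-1-5-18 (LocalSystem) resolves everywhere; a domain account would appear as
# S-1-5-21-... and resolves only where that domain can be queried.
$sampleXml = @'
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\Windows\System32\whoami.exe</Command></Exec>
  </Actions>
</Task>
'@

# Hypothetical helper: list each principal in a task definition and, when the
# stored UserId is a SID, translate it to DOMAIN\USERNAME form.
function Resolve-TaskPrincipal {
    param([Parameter(Mandatory)][string]$TaskXml)

    $doc = [xml]$TaskXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')

    foreach ($node in $doc.SelectNodes('//t:Principals/t:Principal', $ns)) {
        $userId = $node.SelectSingleNode('t:UserId', $ns)
        if (-not $userId) { continue }          # principal defined without a UserId
        $raw     = $userId.InnerText.Trim()
        $account = $raw                         # already a name: report as stored
        if ($raw -match '^S-1-\d+(-\d+)+$') {
            try {
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($raw)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # Deleted account, or the domain could not be reached for lookup
                $account = '<unresolved>'
            }
        }
        [pscustomobject]@{
            PrincipalId = $node.GetAttribute('id')
            StoredValue = $raw
            Account     = $account
        }
    }
}

Resolve-TaskPrincipal -TaskXml $sampleXml
```

For a task on a live system, the string returned by `Export-ScheduledTask` can be passed as `-TaskXml`.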