Worklet that interacts with GPO on a Domain Controller?

  • 3 July 2024
  • 1 reply



We’re encountering a problem where we are running a worklet to import a Group Policy object on a domain controller - the Automox worklet runs as System so has no domain permissions to be able to interact with Group Policy.  Has anyone found a way to run a set of PowerShell commands within a worklet as a domain user with elevated privileges, eg. Domain Admin?


1 reply

Userlevel 3

Hey @MRaybone!

While you are correct in that Worklets run as SYSTEM, we do have functions within the Worklet Development Kit that you can use to impersonate or run processes as a current user:


That said, I think I’d need to learn more about what you are trying to achieve here.


Are you attempting to use the Import-GPO cmdlet to replicate a GPO backup to a new domain controller? If so, my first thought is you could use Start-Process to invoke powershell.exe and then pass the -Credential parameter to it.  Using Automox Shared Secrets, you could then pass your creds securely through the pipeline.

If you can share the script or methods you’re investigating, I’ll see how we can help!