I have a Powershell script which I run via the Windows Task Scheduler on a Windows 2016 server.
The script uses the guidance in https://winscp.net/eng/docs/guide_protecting_credentials_for_automation
Whilst logged on as the account that will run the scheduled task, I used ConvertFrom-SecureString to encrypt the password, then stored the encrypted password in an XML file. The script uses ConvertTo-SecureString on the password read from the XML file and assigns the result to SessionOptions.SecurePassword.
I use SessionLogPath to log WinSCP's actions.
The scheduled task runs exactly as expected when the user is logged in. But when the user is logged out, it doesn't. The scheduled task runs (it is configured to run whether the user is logged in or not) but no SessionLog is created. I have been able to determine that the script gets to the Session.Open before it stops working.
If I use the password in plain text in the XML file, and assign that to SessionOptions.Password, the script works fine, whether the user is logged in or not.
I think this means that the script is unable to decrypt the password when running with the user logged out, but I don't understand why. The scheduled task uses the same account that was used to encrypt the password.
What am I missing?
Let me know if any further information is needed - as this is a lengthy post already, I didn't want to overload it with too much information that isn't necessary. Thanks in advance for any help.