We are running 3.7.13
I’m trying to run the following code. but get an
Failure | Logon failure: the user has not been granted the requested logon type at this computer
The code is:
Invoke-DbaQuery -sqlInstance $cmdb_sqlserver -Database $cmdb_sqldatabase -Query $sql -SqlCredential $cred
$cred is a variable and is a another service account(not the PSU service account) that have access to specific systems.
The issue is that I do not want my PSU Service account to have access to the SQL, therefore I have added the -sqlCredential to the command, However, my account in the $cred needs to be able to logon to the PSU server, I can see in the security log that it is failing with logon type 2.
The account only have access to logon as a batch and service on the PSU
If I grant my user local admin rights on the PSU server, then all is working fine, but I would rather not have my service account to have that kind of access to the PSU server
Why does it need to logon to the PSU server itself to be able to execute the command?
Or is there something I’m misunderstanding?