Merge pull request #188 from sigv/modules-10986

(MODULES-10986) Fix gMSA username support

Author: DavidS

REFERENCE.md

@@ -197,9 +197,10 @@ Please also note that Puppet must be running as a privileged user
 in order to manage `scheduled_task` resources. Running as an
 unprivileged user will result in 'access denied' errors.
 
-If a user is specified without an accompanying password, the
-task will be created with `Run only when user is logged on`
-specified.
+If a user is specified without an accompanying password, and the
+user does not end with a dollar sign (`$`) signifying a Group
+Managed Service Account (gMSA), the task will be created with
+`Run only when user is logged on` specified.
 
 Default value: `system`
 

lib/puppet/type/scheduled_task.rb

@@ -79,9 +79,10 @@
       in order to manage `scheduled_task` resources. Running as an
       unprivileged user will result in 'access denied' errors.
 
-      If a user is specified without an accompanying password, the
-      task will be created with `Run only when user is logged on`
-      specified."
+      If a user is specified without an accompanying password, and the
+      user does not end with a dollar sign (`$`) signifying a Group
+      Managed Service Account (gMSA), the task will be created with
+      `Run only when user is logged on` specified."
 
     defaultto :system
 

lib/puppet_x/puppetlabs/scheduled_task/task.rb

@@ -359,7 +359,7 @@ def set_account_information(user, password)
         @definition.Principal.LogonType = TASK_LOGON_TYPE::TASK_LOGON_SERVICE_ACCOUNT
       else
         @definition.Principal.UserId = user
-        @definition.Principal.LogonType = if @task_password
+        @definition.Principal.LogonType = if @task_password || user[-1] == '$'
                                             TASK_LOGON_TYPE::TASK_LOGON_PASSWORD
                                           else
                                             TASK_LOGON_TYPE::TASK_LOGON_INTERACTIVE_TOKEN