Logon Error using run as service account in task sequence

[pamulli]

I have a standalone task sequence that is not part of OSD so there is no domain join step and I'm trying to use a valid service account to run a script, but it's getting a logon error. The exact same step is copied out of an OSD task sequence with a domain join step and it works fine in the source task sequence. From some research, it seems the issue is that it needs the domain join account/step in order to be able to validate the account credentials. So my question is, how can I do this with a standalone task sequence that is not for OSD without embedding domain credentials in the actual script?

For background, the script is moving the system to an AD group, which is why it has to run as a service account and it's being run on systems that are already built and joined to the domain. I've tried it with the Run PowerShell step option using PowerShell and I've tried it with the Run Command option using VBS and have the same issue regardless.

This is the error from the smsts.log

::LogonUser(sUserAccountName, sUserDomainName, sUserPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hUserToken), HRESULT=80070569 (K:\dbs\sh\cmgm\1026_005344\cmd\1b\src\client\OsDeployment\InstallSoftware\runcommandline.cpp,226)                InstallSoftware  6/27/2024 11:07:45 AM 20732 (0x50FC)

LogonUser failed with the error 0x80070569       InstallSoftware  6/27/2024 11:07:45 AM 20732 (0x50FC)

cmd.Execute(pszPkgID, sProgramName.c_str(), sOutputVariableName.c_str(), dwCmdLineExitCode), HRESULT=80070569 (K:\dbs\sh\cmgm\1026_005344\cmd\1b\src\client\OsDeployment\InstallSoftware\main.cpp,395)                InstallSoftware  6/27/2024 11:07:45 AM 20732 (0x50FC)

Install Software failed to run command line, hr=0x80070569        InstallSoftware  6/27/2024 11:07:45 AM 20732 (0x50FC)

Process completed with exit code 2147943785   TSManager         6/27/2024 11:07:45 AM 21716 (0x54D4)

!--------------------------------------------------------------------------------------------!   TSManager         6/27/2024 11:07:45 AM                21716 (0x54D4)

Failed to run the action: Run Win11_AADGroupMovesIntuneLaps.vbs. Error -2147023511              TSManager                6/27/2024 11:07:45 AM 21716 (0x54D4)

[pamulli]

In case anyone else encounters this, the issue is that using the run as feature in a task sequence that isn't OSD seems to require an account with interactive login. If it's an OSD task sequence, interactive login is not required. I had to call the credentials in the script and use a variable for the password to get around this.