Okay so let's clarify my title.
I have PAM in my sandbox environment.
The CA Process Automation service runs as a domain account (zPAM_SB, not to mention it), which is part of the server's admin group.
I can login on the server with this account. I can run a script on the server with this account.
I have a simple .bat file containing:
echo %USERNAME% > D:/temp/out.txt
I have a simple process with a run program operator that runs this .bat file.
When PAM runs as a domain account:
If I try to run this .bat as someone else (my personal credentials actually), it crashes and says: cannot create process as user xxxxxxx - A required privilege is not held by the client.
If I do not specify a userid and a password to the run program operator, the .bat file writes into out.txt as expected but it writes SYSTEM. Why the ****? PAM service runs as zPAM_SB.
Even the wrapper and the two Java processes run as zPAM_SB.
When PAM runs as the local system account:
If I try to run this .bat as someone else (my personal credentials), it runs fine and it writes my USERNAME correctly in out.txt.
Can someone explain this to me?