PowerShell filewatcher 2012 R2 needs Admin Credentials


I've been using a PowerShell File Watcher on Server 2008 R2 and 2012 R2 for over a year to call a program when a file gets created in a specified folder. The watcher and program it calls worked on 2012 R2 previously and still work on 2008 R2. Recently, I noticed that in 2012 R2, the Watcher appears to not be triggering at all.

A PowerShell-created scheduled task which runs under a Group Managed Service Account (GMSA) (and set to highest privileges) runs a program that creates the Watcher. After that, the program is called by the Watcher to process the file just created. Both the Watcher and the program run under the same GMSA. In 2008, a normal Service Account is used. In troubleshooting, I've discovered that if I add the GMSA to the local Administrators group, the Watcher will start working again. This was not necessary when I initially set this up. Since the initial setup, I've applied Windows Updates and upgraded PowerShell to 5.0.

I've checked all the file and folder permissions as well as the PSSessionConfiguration and cannot determine why the account needs to be in the Administrators group (which is not acceptable). I've also tried granting some of the Administrators group's user rights to the GMSA. Since the same program and Watcher work on 2008, I'm thinking it has to be something in the 2012 environment.

Has anyone seen a problem similar to this, or does anyone have any suggestions?


There are 0 answers