Server Groups - Run As Option
There are times when the drain and resume scripts may need to run as an account other than the local system account of the server. We often support "clustered" servers that rely on a clustering method or data outside of Windows failover clustering (Exchange being a good example, but not the only use case).
It would be nice to specify a run-as account for these scripts in order to reach out to external systems using a service account in order to authenticate to those systems for any required health checks prior to patching (drain script) or after patching (resume script). We could give the SamAccountName of each cluster member server the appropriate rights, but there are major security concerns with doing so. We can also embed credentials in the scripts, but even if we hash them first, this is still not a very secure option. There also isn't room to include credentials given the character limit of the scripts.