Author Posts

September 11, 2015 at 9:57 am

Invoke-Command -ComputerName Win8 -ScriptBlock {Get-EventLog -List | Export-Csv \\AD\Share\Test.csv}

Access to the path '\\AD\Share\Test.csv' is denied.
+ CategoryInfo : OpenError: (:) [Export-Csv], UnauthorizedAccessException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.ExportCsvCommand
+ PSComputerName : Win8

I have configured Everyone Full access

I would like the remote machine to do the work of exporting documents to a share.
Possibly in the future sorting and organizing logs.

invoke-command {get-eventlog -LogName System} -ComputerName win8 | Export-Csv C:\Names.csv

This command works fine

September 11, 2015 at 5:21 pm

Hi there!

So even though you have configured this to allow full access there is still going to be an issue with that remote machine delegating the credentials from your invoke command to connect to a share. This will work if you setup CredSSP (Enable-WSmanCredSSP) and specify the Client to be the server that you invoking the command from, You will also need to specify the delegate server who will receive these creds (or * for a lab environment).

After that you can invoke a command over to your remote machine and do:

Invoke-Command remotemachine {Enable-WSMANCredSSP -role Server} 

This will enable the remote machine to receive Creds from your Client server who will be sending them. Once that is setup you can run your command again, however this time it will need to look something like this.

 Invoke-Command -ComputerName Win8 -ScriptBlock {Get-EventLog -List | Export-Csv \\AD\Share\Test.csv} -Authentication CredSSP -Credential (Get-Credential) 

What may be an easier solution is simply creating a PSDrive like so.

 New-PSDrive -Name W -PSProvider FileSystem -Root \\machine\share

that way you can just do a Copy-Item to W:

Let us know how you go!

September 12, 2015 at 2:01 pm

Dont forget you can still use "Net Use", this works well with powershell
net use W: \\AD\Share

Invoke-Command -ComputerName Win8 -ScriptBlock {net use W: \\AD\Share} -Credentials Get-Credentials
Invoke-Command -ComputerName Win8 -ScriptBlock {Get-EventLog -List | Export-Csv W:\Test.csv} -Credentials Get-Credentials

I am not really good with scripting but i am sure you can run both commands in one script block.

March 30, 2016 at 7:24 pm

Please note, For accessing event logs, Windows PowerShell comes with Get-EventLog cmdlet:

Parameter Set: LogName
Get-EventLog [-LogName] [[-InstanceId] ]
[-After ] [-AsBaseObject] [-Before ]
[-ComputerName ] [-EntryType ]
[-Index ] [-Message ] [-Newest ]
[-Source ] [-UserName ] []

I reccommend you to automate the Powershell Export Log process rather than getting in the hassle of coding n scripting. http://eventlogxp.com/blog/exporting-event-logs-with-windows-powershell/ . It might help