Author Posts

July 18, 2017 at 4:47 pm

I composed a simple script that will export Printer shares (settings and drives) to a remote repository. This script works when I run it locally, however ideally I would like to invoke this script from a central server. My central server is logged in with domain admin credentials. The script runs with domain admin privileges and both servers (central server and print servers) are in the same domain.

Here is the script that runs without issue on each server.

#Export Printer migration files
set-location C:\Windows\System32\spool\tools
$TimeStamp = (Get-Date).tostring("yyyyMMdd")
$PrintServer = '\\' + $env:COMPUTERNAME
$Repository = '\\cfs02\utility$\updates\PrinterMigrationFiles\' + $env:COMPUTERNAME + '\'
$FilePath = $Repository + $TimeStamp + '_' + $env:COMPUTERNAME + '.printerExport'

#Launch Export Copmmand
.\PrintBrm.exe -b -s $PrintServer -f $FilePath

[array]$sortedRepo = Get-ChildItem $Repository | Sort-Object -Descending LastAccessTime

#Clean up Repository to keep the last two latest files
if ($sortedRepo.Length -gt 3){
    
        for($i=2; $i -lt $sortedRepo.Length; $i++){    
        Remove-Item $sortedRepo[$i].FullName 
        }
}

I place the above script on the central server and run this command

$session = New-PSSession -ComputerName P5
Invoke-Command -Session $session   -FilePath .\Export-TP_printers.ps1 

I receive this output. The last entry indicates a failed access violation. I removed a portion of the printer queues for brevity. The last entry is a lie since I am running this as a domain admin.

Operation mode: backup
Target server: \\P5
Target file path: \\cfs02\utility$\updates\PrinterMigrationFiles\P5\20170718_P5.printerExport.
Queue publish mode: none
Overwrite mode: keep existing settings

LISTING PRINT QUEUES
EMI-HPAcct2
Donnelly-Front-Desk
...
...
..

172.26.179.24, TCP
172.26.179.25, TCP
172.26.180.20, TCP
172.26.198.20, TCP
172.26.9.20, TCP



The following error occurred: 0x80070005.
Access is denied.

Check if you are an administrator or member of the administrators group.
Check if you executed the tool with elevated permission.
Check the eventlog for detailed information about the error which occurred.

July 18, 2017 at 8:42 pm

Take a look at Secrets of Powershell Remoting in the eBooks section. The issue you are seeing is most likely a double-hop issue when you are trying to write to the remote share. If you just save the data to a local file (on server that is called), does the Invoke work?

July 18, 2017 at 9:52 pm

You need to allow delegation of credentials from server A to server B using the Enable-WSManCredSSP cmdlet with the right parameters for your environment.
Then when creating a new PSSession, use -Authentication Credssp.

Double-hop issue as Rob mentioned.