I have 2 scripts that work in my testing environment just fine but do not work in production. Script 1 reads a csv file to create AD accounts, then uses Invoke-Command with Script 2 to create user folders on the file server. All servers are 2008 and running PS v.3.
Script 2 runs New-Psdrive to connect back to Server 1, Test-Path to check for a csv file, then Copy-Item to copy the csv on to Server 2, then Remove-Psdrive.
Problem: I get "PermissionDenied" "UnauthorizedAccessException" on the Test-Path and Copy_Item commands only when using Invoke-Command on Server 1. I can run script 2 locally on server 2 and the commands succeed. Likewise, I can run both commands from server 1 using a PSsession and they execute as expected. I don't get an error with the New-Psdrive, and other commands seem to run on Server 2 like log creation and email.
I use the same user in all cases and shares/permissions are set to full for the user.
It appears that I can not use Test-Path/Copy-Item when I am doing so from Server 1 using PSsession or Invoke-Command. But if I am on Server 2 I can map the drive (New-PSdrive) and use Test-Path/Copy-Item.
It appears that this was a double-hop issue that is normally restricted. Rather than running Enable-WsManCredSSP, I chose to have Server 1 push the csv file to Server 2 rather than Server 2 doing a pull.
Why my test environment allowed this to happen is beyond me as WsManCredSSP is disabled by default.
The topic ‘Permission trouble using Invoke-Command with Test-Path and Copy-Item’ is closed to new replies.