Author Posts

June 3, 2015 at 7:44 am

Hi folks,

I have 2 scripts that work in my testing environment just fine but do not work in production. Script 1 reads a csv file to create AD accounts, then uses Invoke-Command with Script 2 to create user folders on the file server. All servers are 2008 and running PS v.3.

Script 2 runs New-Psdrive to connect back to Server 1, Test-Path to check for a csv file, then Copy-Item to copy the csv on to Server 2, then Remove-Psdrive.

Problem: I get "PermissionDenied" "UnauthorizedAccessException" on the Test-Path and Copy_Item commands only when using Invoke-Command on Server 1. I can run script 2 locally on server 2 and the commands succeed. Likewise, I can run both commands from server 1 using a PSsession and they execute as expected. I don't get an error with the New-Psdrive, and other commands seem to run on Server 2 like log creation and email.

I use the same user in all cases and shares/permissions are set to full for the user.

Any ideas?

-Shawn

June 3, 2015 at 8:55 am

Change that:

It appears that I can not use Test-Path/Copy-Item when I am doing so from Server 1 using PSsession or Invoke-Command. But if I am on Server 2 I can map the drive (New-PSdrive) and use Test-Path/Copy-Item.

-Shawn

June 4, 2015 at 1:17 pm

Solved:

It appears that this was a double-hop issue that is normally restricted. Rather than running Enable-WsManCredSSP, I chose to have Server 1 push the csv file to Server 2 rather than Server 2 doing a pull.

Why my test environment allowed this to happen is beyond me as WsManCredSSP is disabled by default.

-Shawn