Works locally but Doesn't run on logon "Kinda"

Welcome Forums General PowerShell Q&A Works locally but Doesn't run on logon "Kinda"

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
1 year, 4 months ago.

  • Author
    Posts
  • #85165

    Participant
    Points: 0
    Rank: Member

    So this script runs great with no issues when I run it from the users account. However when I turned this into a logon script it doesn't map the drive or set the permissions... but it does create the folder. I was hoping to get another set of eyes on my script to get opinions on whether or not this was a scripting or administration issue.

    It is not failing at (!(test-path "$FolderPath")), as it does recreate the folder.

    $FolderPath = "\\server\users\$env:username"
    if (!(test-path "$FolderPath")) {
        $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
        $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
        New-Item -ItemType directory -Path $FolderPath
        $acl = Get-Acl $FolderPath
        $acl.SetAccessRuleProtection($True, $False)
        $acl.Access | % { $acl.RemoveAccessRule($_) }
        $acl.SetOwner([System.Security.Principal.NTAccount] $env:USERNAME)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$env:username", 'modify', 'Allow')
        $acl.AddAccessRule($rule)
        (Get-Item $FolderPath).SetAccessControl($acl)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("LTPC-DOM\Domain Admins", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") 
        $acl.AddAccessRule($rule)
        (Get-Item $FolderPath).SetAccessControl($acl)
        (New-Object -ComObject "Wscript.Network").MapNetworkDrive("V:", "$FolderPath")
    }
    
  • #85166

    Participant
    Points: 0
    Rank: Member

    Never Mind! It was an administration problem. In case your interested...

    In that same GPO I forgot I setup a setting to add that folder, so when it ran the script it in fact did fail at:

    if (!(test-path "$FolderPath")) {
    
  • #85169

    Participant
    Points: 639
    Helping Hand
    Rank: Major Contributor

    Is the logon script running as a computer or user policy? Basically, it's a question of the context the script is being executed as during logon. You may want to just add some code that creates a log on the computer that indicates the context the script is executing as (see the first couple lines of this script: https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/09/23/a-self-elevating-powershell-script/) to validate it's executed in the correct context. If that is correct, what are the permission on the root Users share? Do users have FULL control to create a folder and set permissions?

    [edit] Just saw you figured it out. Happy Holidays!

The topic ‘Works locally but Doesn't run on logon "Kinda"’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort