Get-ChildItem returns access denied error when run as "SYSTEM"

Time:09-25

I'm trying to create a script to get the content of a folder across the network. I noticed that Get-ChildItem throws an "Access Denied" error on every other IP address in the list.

For example, I listed the IPs like this:

  • IP1
  • IP2
  • IP3
  • IP4

Get-ChildItem worked for IP1 and IP3 but returned an access denied error for IP2 and IP4. This only happens if I run the script in a console that runs as SYSTEM. Edit: The remote tool I am creating this script for can only run a console as SYSTEM.

Can someone tell me if there's anything in the code that might cause this issue?

#Set Variables
$pw = Read-Host -AsSecureString "Enter password"
$usrname = 'username'
$folderpath = 'C$\Folder\Subfolder1\Subfolder'

#Loop
foreach ($ipaddress in Get-Content -Path .\DeviceIPList.txt) {
    $credential = New-Object System.Management.Automation.PsCredential("$ipaddress\$usrname",$pw)
    Try {
        if ($(Test-Path drv:) -eq 'True') {
            Remove-PSDrive "drv"
        } else { 
            New-PSDrive -Name "drv" -PSProvider FileSystem -Root "\\$ipaddress\C$" -Credential $credential -ErrorAction Stop | Out-Null
        } 
        $vhdfile = Get-ChildItem -path "\\$ipaddress\$folderpath" -ErrorAction Stop    
        Write-Host -ForegroundColor Green "$ipaddress,Found $vhdfile in $($folderpath.Replace('$',':'))"
        Write-Output "$ipaddress,Found $vhdfile in $($folderpath.Replace('$',':'))" | Out-File -Append .\Report.txt
        }
    Catch [System.ComponentModel.Win32Exception] {
        Write-Host -ForegroundColor Cyan "$ipaddress,$_"
        Write-Output "$ipaddress,$_" | Out-File -Append .\Report.txt
        }
    Catch {
        Write-Host -ForegroundColor Yellow "$ipaddress,$_"
        Write-Output "$ipaddress,$_" | Out-File -Append .\Report.txt
        }
    Finally {
        $error.Clear()
        Start-Sleep -Seconds 2
        net use \\$ipaddress\$folderpath /d 2>&1>$null
        }
}
    

CodePudding user response:

If drv: exists, your if statement here will remove it, but won't create a new drive. Try moving New-PSDrive outside the Else:

if ($(Test-Path drv:) -eq 'True') {
  Remove-PSDrive "drv"
} 
New-PSDrive -Name "drv" -PSProvider FileSystem -Root "\\$ipaddress\C$" -Credential $credential -ErrorAction Stop | Out-Null

This is an issue because you're using the whole \\$ip\c$\ UNC in Get-ChildItem. If the drv: got removed, then you're asking Get-ChildItem to connect as the current user instead, which isn't going to work as SYSTEM. It's also probably the reason you can connect every other time.

Using drv: should show you if this is the issue by throwing a "drv: doesn't exist" kind of error:

$folderpath = 'Folder\Subfolder1\Subfolder'
$vhdfile = Get-ChildItem -path "drv:\$folderpath" -ErrorAction Stop

It may be that SYSTEM is not able to use net use /d to remove the PSDrive - it may be throwing errors, but you've nulled its output. Try using Remove-PSDrive again here instead:

Finally {
  $error.Clear()
  Start-Sleep -Seconds 2
  Remove-PSDrive "drv"
}

Running as system is fine since you're giving different credentials to New-PSDrive.
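
The answer's changes combined into one loop, as an added example that is not part of the original question or answer. The function name Get-RemoteFolderListing, the result object layout and the Report.csv output file are assumptions made for illustration; the cmdlets, the drive name and the paths are the ones used above.

```powershell
# Added example (hypothetical helper, not the poster's code).
function Get-RemoteFolderListing {
    param(
        [Parameter(Mandatory)] [string]       $IpAddress,
        [Parameter(Mandatory)] [string]       $UserName,
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string]       $FolderPath   # relative to C$, no 'C$\' prefix
    )

    $driveName  = 'drv'
    $credential = New-Object System.Management.Automation.PSCredential("$IpAddress\$UserName", $Password)

    try {
        # Remove a stale mapping if one exists, then ALWAYS create a fresh one.
        # The original if/else skipped New-PSDrive whenever drv: was already present.
        if (Get-PSDrive -Name $driveName -ErrorAction SilentlyContinue) {
            Remove-PSDrive -Name $driveName -Force
        }
        New-PSDrive -Name $driveName -PSProvider FileSystem -Root "\\$IpAddress\C$" `
            -Credential $credential -ErrorAction Stop | Out-Null

        # Read through drv: so the explicit credential is used, never the SYSTEM token.
        $items = Get-ChildItem -Path "${driveName}:\$FolderPath" -ErrorAction Stop
        [pscustomobject]@{ IpAddress = $IpAddress; Status = 'OK'; Detail = ($items.Name -join ';') }
    }
    catch {
        # Keep the error text per host instead of discarding it.
        [pscustomobject]@{ IpAddress = $IpAddress; Status = 'Error'; Detail = $_.Exception.Message }
    }
    finally {
        # Tear down with the same provider that created the drive; errors stay visible.
        if (Get-PSDrive -Name $driveName -ErrorAction SilentlyContinue) {
            Remove-PSDrive -Name $driveName -Force
        }
    }
}

$pw = Read-Host -AsSecureString "Enter password"
Get-Content -Path .\DeviceIPList.txt | ForEach-Object {
    Get-RemoteFolderListing -IpAddress $_ -UserName 'username' -Password $pw `
        -FolderPath 'Folder\Subfolder1\Subfolder'
} | Export-Csv -Path .\Report.csv -NoTypeInformation
```

Because the listing goes through drv:, a host where the mapping failed reports the New-PSDrive error itself rather than an access denied from an unauthenticated UNC read.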
