I am learning Powershell. I want to take ownership of a folder with Powershell.
$acl = Get-Acl C:\Users\Administrator\Desktop\Test
$acl.SetOwner([System.Security.Principal.NTAccount]internal\bob.test)
set-acl "C:\Users\Administrator\Desktop\Test" $acl
But then when I check the owner in the GUI:
Why has it not changed?
Related
How does one connect anonymously to an SMB share in powershell using New-PSDrive?
I've tried omitting the -Credential param but this seems to use the currently logged in user. This works when I test using a domain account, however the problem is for normal operation the currently logged in user is a local kiosk user for assigned access that the domain file server does not recognize.
I've also tried using the following, however it prompts for user input. As this is run as a scheduled task for background operation - this is unacceptable.
$Credentials = Get-Credential -UserName 'NTAUTHORITY\Anonymous Logon'
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I have enabled the local security policy option on the file server for "Network access: Let Everyone permissions apply to anonymous users".
How do I utilize the "anonymous" user connection with New-PSDrive?
-- edit --
I've also tried this
$Credentials = [pscredential]::Empty
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
However, the output is:
>> TerminatingError(New-PSDrive): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct"
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct
Anonymous mounts use an 'empty' user and password for the credential block so you can do the same.
This works for me and allows file creation on the share:
$User = " " # Create 'empty' username
$PWord = ConvertTo-SecureString -String " " -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I used the powershell script below to try and create a folder on a remote machine
$ComputerName = "<IP>"
$DriveLetter = "C"
$Path = "TempFolder\TestPath"
New-Item -Path \\$ComputerName\$DriveLetter$\$Path -type directory -Force
When I change the ComputerName to localhost, the script is executed and the intended folder is created. However, when I run this script for an IP in the same network, which I can ping, the script runs but the folder isn't created.
Do you need to provide login credentials for the remote machine somewhere in the script?
Indeed you do:
PS C:> help new-item
NAME
New-Item
SYNTAX
New-Item [-Path] <string[]> [-ItemType <string>] [-Value <Object>] [-Force] [-Credential <pscredential>] [-WhatIf]
[-Confirm] [-UseTransaction] [<CommonParameters>]
New-Item [[-Path] <string[]>] -Name <string> [-ItemType <string>] [-Value <Object>] [-Force] [-Credential
<pscredential>] [-WhatIf] [-Confirm] [-UseTransaction] [<CommonParameters>]
ALIASES
ni
the important part is -Credential <pscredential>. To create this object from plain text for example:
$password = ConvertTo-SecureString 'password' -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ('username', $password)
There are other more secure ways to do this if you search around the net on how to create a PSCredential object.
I have a long list of shares that I want to see if I can access them. Is there a powershell commandlet that I could use?
I tried the Test-Path command but I believe that returns TRUE regardless of whether I have permissions to access the folder.
I want a similar command that will return TRUE if I can reach a share AND have permission to access it.
Or return FALSE if I can't reach the share or if I have not got permission to access it.
Test-Path only validates the existence of a thing.
the *-ACL cmdlets return permissions on an object (file, folder, registry, etc.)
Just look for the read permission and note, as a rule/practice, admins don't grant access rights to a user, they grant access rights to a group. So, as long as you are a member of a defined Account Group, you have access.
<#
Get specifics for a module, cmdlet, or function
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-acl?view=powershell-7
#>
(Get-Command -Name Get-Acl).Parameters
(Get-Command -Name Get-Acl).Parameters.Keys
Get-help -Name Get-Acl -Examples
<#
# Results
Get-Acl C:\Windows
Get-Acl -Path "C:\Windows\k*.log" | Format-List -Property PSPath, Sddl
Get-Acl -Path "C:/Windows/k*.log" -Audit | ForEach-Object { $_.Audit.Count }
Get-Acl -Path "HKLM:\System\CurrentControlSet\Control" | Format-List
Get-Acl -InputObject (Get-StorageSubsystem -Name S087)
#>
Get-help -Name Get-Acl -Full
Get-help -Name Get-Acl -Online
You can also use one of the other modules from the Microsoft powershellgallery.com
Find-MOdule -Name '*acl*' |
Format-Table -AutoSize
<#
# Results
Version Name Repository Description
------- ---- ---------- -----------
1.0.1 ACL-Permissions PSGallery A couple of ACL utilities, for repairing corrupt permissions and applying permissions for IIS AppPool identities
1.30.1.28 ACLReportTools PSGallery Provides Cmdlets for reporting on Share ACLs.
1.7 ACLHelpers PSGallery Modules to help work with ACLs (Access Control Rights)
1.0.1.0 ACLCleanup PSGallery A set of tools to help you clean your fileshares access control lists
0.1.2 ACLTools PSGallery Module for managing NTFS Acls on files and folders
...
#>
Find-MOdule -Name '*ntfs*' |
Format-Table -AutoSize
<#
# Results
Version Name Repository Description
------- ---- ---------- -----------
4.2.6 NTFSSecurity PSGallery Windows PowerShell Module for managing file and folder security on NTFS volumes
1.4.1 cNtfsAccessControl PSGallery The cNtfsAccessControl module contains DSC resources for NTFS access control management.
1.0 NTFSPermissionMigration PSGallery This module is used as a wrapper to the popular icacls utility to save permissions to a file and then restore those permissions to a mirror c...
#>
(Get-ChildItem -Path D:\temp | Get-NtfsAccess) -Match 'ReadAndExecute'
I am having an issue to connect to the remote server using New-PSDrive. The remote server is Windows-based, and only userA has access to write.
By saying that, the following code throws an "access denied" error:
Access to the path '$remoteServerPath' is denied on line3
Code:
New-PSDrive -Name remote -Root $remoteServerPath -PSProvider FileSystem
$destination = [IO.Path]::Combine('remote:', $fileName)
Copy-Item -Path $source -Destination $destination -Force
Now, I am trying to include credential information, but I get a different error!
The network path was not found on line3
$secpass = ConvertTo-SecureString 'myPassword' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ('domain\userA', $secpass)
New-PSDrive -Name remote -Root $remoteServerPath-PSProvider FileSystem -Credential $cred
$destination = [IO.Path]::Combine('remote:', $fileName)
Copy-Item -Path $source -Destination $destination -Force
Can anyone please help me out? Powershell Ver. 5
Why are you creating a PSDrive for this task?
& NET USE Z: \\server\path /user:domain\UserA 'PASSWORD'
Copy-Item -Path $Source -Destination 'Z:\' -Force
& NET USE Z: /D
If you have their plaintext password, this should work just fine.
I need to connect to a remote server and do some file copies and moves, etc. The remote server requires authentication.
What UNC path do I need to enter in for PSCredential? Is it the path to a particular remote user like
\SERVER2\Users\Administrator
Or is it the path to the remote resource itself like
\SERVER2\Data\Content
...
Authenticate the call
$Creds = New-Object -Typename System.Management.Automation.PSCredential -Argumentlist "C:\Some\Path",$PW
Copy-Item $src $destination -Credential $Creds
It is the username. Your paths are not proper UNC paths however. They should start with two slashes like \\SERVER2\Users\Administrator
Specify the credentials of the user with permission to access the resource. The Get-Credential commandlet can get the credentials for you.
$cred = Get-Credential
Copy-Item $src $destination -Credential $cred