I'm using the CTP of powershell v2. I have a script written that needs to go out to various network shares in our dmz and copy some files. However, the issue I have is that evidently powershell's cmdlets such as copy-item, test-path, etc do not support alternate credentials...
Anyone have a suggestion on how best to accomplish my task..?
This question is related to
powershell
powershell-2.0
I know that PowerShell 3 supports this out of the box now, but for the record, if you're stuck on PowerShell 2, you basically have to either use the legacy net use command (as suggested by several others), or the Impersonation module that I wrote awhile back specifically to address this.
The newer verion of PowerShell handles this and the MS Documentation has a great example of copying a file with different credentials here
$Session = New-PSSession -ComputerName "Server02" -Credential "Contoso\User01"
Copy-Item "D:\Folder002\" -Destination "C:\Folder002_Copy\" -ToSession $Session
Here's my script that runs as LocalSystem on a machine, but needs credentials of a domaim user to access a network file location. It allows you to store the user's password in a "safe-ish" encrypted file; that can only be read by the user that wrote it.
Setting and changing the password is done by copying a file with the plaintext password in it to the machine. When the script is next run it reads the password, encrypts it, then deletes the plaintext password.
$plaintext_password_file = 'C:\plaintext.txt' # Stores the password in plain text - only used once, then deleted
$encryted_password_file = 'C:\copy_pass.txt' # Stores the password in "safe" encrypted form - used for subsequent runs of the script
# - can only be decrypted by the windows user that wrote it
$file_copy_user = 'OURDOMAIN\A_User'
# Check to see if there is a new plaintext password
if (Test-Path $plaintext_password_file)
{
# Read in plaintext password, convert to a secure-string, convert to an encrypted-string, and write out, for use later
get-content $plaintext_password_file | convertto-securestring -asplaintext -force | convertfrom-securestring | out-file $encryted_password_file
# Now we have encrypted password, remove plain text for safety
Remove-Item $plaintext_password_file
}
# Read in the encrypted password, convert to a secure-string
$pass = get-content $encryted_password_file | convertto-securestring
# create a credential object for the other user, using username and password stored in secure-string
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $file_copy_user,$pass
# Connect to network file location as the other user and map to drive J:
New-PSDrive -Name J -PSProvider FileSystem -Root "\\network\file_directory" -Credential $credentials
# Copy the file to J:
Copy-Item -Force -Verbose -Path "C:\a_file.txt" -Destination "J:\"
As an extra refinement: The username could also be encrypted as well, rather than hardcoded.
Here is a post where someone got it to work. It looks like it requires a registry change.
This is an old question but I'm just updating it for future finders.
PowerShell v3 now supports using the -Credential parameter for filesystem operations.
Hope this helps others searching for the same solution.
I have encountered this recently, and in the most recent versions of Powershell there is a new BitsTransfer Module, which allows file transfers using BITS, and supports the use of the -Credential parameter.
The following sample shows how to use the BitsTransfer module to copy a file from a network share to a local machine, using a specified PSCredential object.
Import-Module bitstransfer
$cred = Get-Credential
$sourcePath = \\server\example\file.txt
$destPath = C:\Local\Destination\
Start-BitsTransfer -Source $sourcePath -Destination $destPath -Credential $cred
Another way to handle this is using the standard "net use" command. This command, however, does not support a "securestring" password, so after obtaining the credential object, you have to get a decrypted version of the password to pass to the "net use" command.
$cred = Get-Credential
$networkCred = $cred.GetNetworkCredential()
net use \\server\example\ $networkCred.Password /USER:$networkCred.UserName
Copy-Item \\server\example\file.txt C:\Local\Destination\
Since PowerShell doesn't support "-Credential" usage via many of the cmdlets (very annoying), and mapping a network drive via WMI proved to be very unreliable in PS, I found pre-caching the user credentials via a net use command to work quite well:
# cache credentials for our network path
net use \\server\C$ $password /USER:$username
Any operation that uses \\server\C$ in the path seems to work using the *-item cmdlets.
You can also delete the share when you're done:
net use \\server\C$ /delete
You should be able to pass whatever credentials you want to the -Credential parameter. So something like:
$cred = Get-Credential
[Enter the credentials]
Copy-Item -Path $from -Destination $to -Credential $cred
that evidently powershell's cmdlets such as copy-item, test-path, etc do not support alternate credentials...
It looks like they do here, copy-item certainly includes a -Credential parameter.
PS C:\> gcm -syn copy-item Copy-Item [-Path] <String[]> [[-Destination] <String>] [-Container] [-Force] [-Filter <String>] [-I nclude <String[]>] [-Exclude <String[]>] [-Recurse] [-PassThru] [-Credential <PSCredential>] [...]
Bringing this back from the dead again. I got around a similar credentials problem by wrapping the .ps1 in a batch file and doing the Win7, Shift + r.Click RunAs. If you wanted to, you can also use PsExec thus:
psexec.exe /accepteula /h /u user /p pwd cmd /c "echo. | powershell.exe -File script.ps1"
I would try to map a drive to the remote system (using 'net use' or WshNetwork.MapNetworkDrive, both methods support credentials) and then use copy-item.
This question addresses a very related issue that may help using network shares in powershell.
PowerShell 3.0 now supports for credentials on the FileSystem provider. To use alternate credentials, simply use the Credential parameter on the New-PSDrive cmdlet
PS > New-PSDrive -Name J -PSProvider FileSystem -Root \\server001\sharename -Credential mydomain\travisj -Persist
After this command you can now access the newly created drive and do other operations including copy or move files like normal drive. here is the full solution:
$Source = "C:\Downloads\myfile.txt"
$Dest = "\\10.149.12.162\c$\skumar"
$Username = "administrator"
$Password = ConvertTo-SecureString "Complex_Passw0rd" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential($Username, $Password)
New-PSDrive -Name J -PSProvider FileSystem -Root $Dest -Credential $mycreds -Persist
Copy-Item -Path $Source -Destination "J:\myfile.txt"
Source: Stackoverflow.com