PowerShell: Copy-Item fails despite the same process working with Windows Explorer
This problem is due to permissions writing to a network share. While the share permissions were set correctly, the NTFS permissions were missing. A system administrator will need to ensure both sets of permissions allow for the account to write to the folder. Once this was updated correctly the script was able to perform a copy to the network share.
You have the correct idea, but what if you try using the 'Administrative Share' to access the other system.
Created some standard variables: $Source
and $Target
. Now we use Get-ChildItem
and the switch -Path
to grab the file or directory we need. Then we use Copy-Item
and the switch -Force
to send the file to the other server. This method should work, but will describe another method.
I assume it would look something like this.
$Source = "\\idmststtrm2\c$\app\oracle\product\11.2.0\dbhome_1\network\admin\tns_admin$\tnsnames.ora"
$Target="\\bts13r2b\c$\app\oracle\product\11.2.0\dbhome_1\network\admin\tnsnames"
Get-ChildItem -Path $Source | Copy-Item -Destination $Target -Force
Another option is to make sure that you first have write access to both shared directories. Once that is verified, we run the following:
$Source="\\idmststtrm2\tns_admin$\tnsnames.ora"
$Target="\\bts13r2b\tnsnames"
Get-ChildItem -Path $Source | Copy-Item -Destination $Target -Force
#(Get-Acl $Source).Access #Verify $Source Access
#(Get-Acl $Target).Access #Verify $Target Access
Let us know if this works.
I know this is old, but I had a hair-pulling experience trying to get a scheduled job (running as a GMSA) to work calling a .ps1 using Copy-Item and getting the same "Access to the path ... is denied" error. I checked and double-check permissions on the remote shares - both Share permissions and NTFS permissions. It ran successfully with my login, it ran successfully with Admin login.
Finally, just for grins, I changed the Share permissions from "All Users" to "Everyone" and it started working! Therefore, it appears that GMSA accounts are not part of "All Users". I would have never guessed!
Hopefully this saves someone 10 hours of fruitless labor...