I need to test whether a specific user has read or write access on a DFS folder (to validate my DFS).
I am admin on the domain and I have the credentials of this user in $Credentials, but Test-Path, Get-Item, and New-Item do not accept the credential.
Use Invoke-Command for running commands in the context of a different user:

    $computer = 'localhost'
    $cred = Get-Credential   # prompt for the account to test
    # Run the script block under $cred; the folder is passed in as $path
    Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {
        Param($path)
        if (Test-Path -LiteralPath $path) {
            New-Item -ItemType File "$path\your.txt"
        }
    } -ArgumentList 'C:\some\folder'

You could also use Start-Job, but that would run the scriptblock in the background, so it'd mean more management overhead.
Another option, if everything else fails, might be runas.exe, although it may require some creative quoting:

    & runas /user:DOM\username "powershell -Command \`"&{ New-Item 'C:\some\folder\your.txt' }`"\"

If you just need to check the permissions on a given folder without performing an action, you'd use Get-Acl:

    # List the access rules whose identity is the given user
    Get-Acl 'C:\some\folder' |
        Select-Object -ExpandProperty Access |
        Where-Object { $_.IdentityReference -like '*\username' }

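The Get-Acl filter above only matches entries that name the user directly, so rights granted or denied through groups are not shown. The following added example (not code from either answer) resolves the user's group SIDs and combines the matching Allow and Deny rules. `Get-EffectiveNtfsAccess` is a hypothetical helper name, the UPN is a constructed placeholder, and the result covers NTFS rules only, not the share permissions on the DFS target.

```powershell
# Added example, not from the original answers. Helper name and UPN are hypothetical.
function Get-EffectiveNtfsAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserPrincipalName   # e.g. username@dom.example
    )
    # Build an identity for the user without a password (Kerberos S4U, so this
    # needs a domain-joined machine). Groups holds the group SIDs of that token.
    $identity = New-Object System.Security.Principal.WindowsIdentity($UserPrincipalName)
    $sids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

    # Explicit and inherited rules, with identities expressed as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $allow = 0
    $deny  = 0
    foreach ($rule in $rules) {
        # Inherit-only entries apply to children, not to this folder itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if ($sids -notcontains $rule.IdentityReference.Value) { continue }
        if ($rule.AccessControlType -eq 'Deny') {
            $deny = $deny -bor [int]$rule.FileSystemRights
        } else {
            $allow = $allow -bor [int]$rule.FileSystemRights
        }
    }
    # Conservative simplification: any matching Deny bit wins, whatever the ACE order.
    # Entries stored as generic rights (GENERIC_READ etc.) are not expanded here.
    $effective = $allow -band (-bnot $deny)

    # On a folder, ReadData is "list folder" and WriteData is "create files".
    $read  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $write = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    [pscustomobject]@{
        Path     = $Path
        User     = $UserPrincipalName
        CanRead  = ($effective -band $read) -eq $read
        CanWrite = ($effective -band $write) -eq $write
        Mask     = '0x{0:X8}' -f $effective
    }
}

# Placeholder path and account; replace with the folder and user to validate.
Get-EffectiveNtfsAccess -Path 'C:\some\folder' -UserPrincipalName 'username@dom.example'
```
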
Instead of checking the ACL recursively, I use real write access with Start-Process and a specific credential (Start-Process is an alias of runas).
The process writes a new file with $(whoami) content.
After the process ends, check if the file exists and its content.

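    function test-Write ($folder)
    {
        # Credential of the account whose write access is being tested
        $WinCredential = Get-Credential -UserName "Domain\User" -Message "Login"
        # Remove any leftover from an earlier run so a stale file cannot pass the check
        Remove-Item -LiteralPath "$folder\test.txt" -ErrorAction SilentlyContinue
        # As that user, write the output of whoami into the folder
        Start-Process -WindowStyle Hidden -Wait -Credential $WinCredential -FilePath "powershell.exe" -ArgumentList "whoami | out-file '$folder\test.txt'"
        # The file exists and names the user only if the write succeeded
        if ((Get-Content "$folder\test.txt" -ErrorAction SilentlyContinue) -like "Domain\User") {
            return 'OK'
        }
        return 'Erreur NTFS Access'
    }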