Access is denied on copy

Question

I have implemented a script where I'm trying to copy some files on Server A to Server B. Let me explain you the process.

I started one loop which is going to run twice and in first execution I'm stopping the app pools and start app pools and than creating the backup and than will trying to copy the files but it's giving me an error that the access is denied but I edit all permission to the folder but through script it's not allowing me to copy and replace the files on Server 2 from Server A.

# Embedding the password in the script.
"Setting  Variables"
$MyDomain = "ranbi" ;
$MyClearTextUsername = "shian" ;
$MyClearTextPassword = "sham@01" ;
$MyUsernameDomain = $MyDomain + '\' + $MyClearTextUsername;
$SecurePassword = ConvertTo-SecureString -String $MyClearTextPassword -AsPlainText -Force ;
$MyCreds = New-Object System.Management.Automation.PSCredential $MyUsernameDomain,$SecurePassword ;

#System Variable for backup Procedure
$date = Get-Date -Format d-MMMM-yyyy-h-m-s                                                             #Variable is used to get the date and time

for ($i=1; $i -le 2; $i++) {
    $servername = "server" + $i
    $backupsrc = "\\$servername\C$\Program Files (x86)\service\healthService\v1_0"                     #backup directory for source Code
    $backupdes = "\\$servername\C$\Temp\ICS-$date"                                                     #destination for backup appending with date time
    $sourcesrc = "\\server1\C$\Deployment\Health\bin"                                                  #source directory for source Code
    $destinationsrc = "\\server1\C$\Program Files (x86)\service\healthService\v1_0\bin"                #destination directory for source Code on Server1
    $forcetwo ="\\server2\C$\bin"                                                                      #destination directory for source Code on Server2
    $sourceweb = "\\Server1\C$\Deployment\Health\web.config"                                           #source directory for webconfig
    $destinationweb = "\\server1\C$\Program Files (x86)\service\healthservice\v1_0\web.config"         #destination directory for webconfig on Ser1
    $destweb = "\\Server2\C$\Program Files (x86)\service\web.config"                                   #destination directory for webconfig on Ser2
    $pathback = Test-Path $backupdes                                                                   #verifying the backup destination path
    $appPoolName = "HealthService"                                                                     #Initialized App Pool Name
    $forcethree = "\\Server2\C$\bin"                                                                   #webconfigfile source for Server2
    $forcefour = "\\Server2\C$\Program Files (x86)\service\healthService\v1_0\bin"                     #webconfigfile destination for Server2

    # Placing the script under a ScriptBlock
    #####
    $MyScriptblock = {
        Param($appPoolName,$pathback,$date,$backupsrc,$backupdes,$sourcesrc,$destinationsrc,$sourceweb,$destinationweb,$servername,$forcetwo,$destweb,$forcethree,$forcefour)

        function fnStartApplicationPool([string]$appPoolName) {
            Import-Module WebAdministration
            if ((Get-WebAppPoolState $appPoolName).Value -ne 'Started') {
                Start-WebAppPool -Name $appPoolName
            }
        }

        function fnStopApplicationPool([string]$appPoolName) {
            Import-Module WebAdministration
            if ((Get-WebAppPoolState $appPoolName).Value -ne 'Stopped') {
                Stop-WebAppPool -Name $appPoolName
            }
        }
        if ($pathback -eq $false) {
            #Copying Data from Source to Destination
            Copy-Item  -Recurse $backupsrc -Destination $backupdes
            Write-Host "Backup Successful on server $servername"

            #Validating the apppool value
            Import-Module WebAdministration
            if ((Get-WebAppPoolState $appPoolName).Value -ne 'Stopped') {
                #Stop apppool
                Stop-WebAppPool -Name $appPoolName
                Write-Host "AppPool Stopped Successfully for $servername"
            }
            if ($servername -eq 'server1') {
                #Copying Data from Source to Destination
                Copy-Item $sourcesrc -Destination $destinationsrc -Recurse -Force               
                Copy-Item $sourcesrc -Destination $forcetwo -Recurse -Force
                Copy-Item $sourceweb -Destination $destinationweb -Recurse -Force
                Copy-Item $sourceweb -Destination $destweb -Recurse -Force
            }
            if ($servername -eq 'server2') { 
                #Copying Data from Source to Destination
                Copy-Item $forcethree -Destination $forcefour -Recurse -Force
            }
            #Start apppool
            Start-WebAppPool -Name $appPoolName
            Write-Host "AppPool Started Successfully on $servername"
            cd c:\
        }
    }

    $result = Invoke-Command -ComputerName $servername -Credential $MyCreds -ScriptBlock $MyScriptblock -ArgumentList $appPoolName,$pathback,$date,$backupsrc,$backupdes,$sourcesrc,$destinationsrc,$sourceweb,$destinationweb,$servername,$forcetwo,$destweb,$forcethree,$forcefour ;
    $result ;
}

cd c:\

I'm getting the below error:

Access to the path 'bin' is denied.
    + CategoryInfo          : PermissionDenied: (\\Server2\C$\bin:String) [Copy-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : CreateDirectoryUnauthorizedAccessError,Microsoft.PowerShell.Commands.CopyItemCommand

Have you attempted to net use to authenticate with server2 before the file copy? — Goldn123, Feb 07 '17 at 11:12
Yet again this is the double-hop issue. When you use invoke command to connect from one computer to a second, you will then have issues connecting to a third. e.g. `Copy-Item` in your script. In your last question, I linked this [technet post](https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/). This has quite a few ways around this. The easy way is to pass fresh creds to use to connect. Add `$mycreds` to your scriptblock `param`. Or do the copy from the first computer before `invoke-command`. Or any of the other linked methods — BenH, Feb 07 '17 at 14:33
@BenH yes you are right,but i tried alot to implement $mycreds but not getting luck here so could u please help me out how can i implement it with passing the parameters to it as u can see in above script. — Shian JA, Feb 08 '17 at 10:15
https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/ — zerocool18, Feb 13 '17 at 23:25

score 1 · Accepted Answer · answered Feb 13 '17 at 23:24

1

Just use WebDeploy cmdlets if you are trying to sync some sites in your IIS farm.

Power Shell IIS cmdlets

Sync-WDServer, Sync-WDSite etc.

answered Feb 13 '17 at 23:24

zerocool18

523
1
4
11

score -2 · Answer 2 · answered Feb 12 '17 at 04:28

-2

Have you looked into Delegated Remote Sessions or JEA (Just Enough Admin)? Both would be a great fix for the Kerberos double-hop problem.

Look at this series of articles to get started with Delegated Sessions.

answered Feb 12 '17 at 04:28

Matthew A. Pearon

9
5

Access is denied on copy

2 Answers2