PowerShell Test-Path UNC Access Denied only via Scheduled Task

Question

PowerShell 3

Windows 2012

Major Minor Build Revision

3 0 -1 -1

I have a few PowerShell scripts that were working for the last few years.

Now they can't seem to run successfully via a Scheduled Task.

If I manually run the PowerShell script outside of Task Scheduler it works.

The script is just creating a new folder on a UNC path.

It is getting an Access Denied error when trying to 'Test-Path'.

Seems like this would be a permissions problems, however, it works using the same login and just double-clicking the script.

The Scheduled Task is set to use the same credentials I am logged on to the server with when I manually run the script.

I have created a new Basic Task in the Scheduler and it still doesn't work.

I have stripped down the code to a basic test-path and create a folder, and still not working.

I create a batch file to read and create a folder in the directory, set it to run via Scheduled Task and that DOES work.

Error Output:

C:\Scripts>c:

C:\Scripts>cd\scripts

C:\Scripts>powershell.exe c:\scripts\makefolder.ps1 

Creating New Folders...


Test-Path Result with SilentlyContinue... Does the folder exist already?

False

The folder is:  \\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest



test-path : Access is denied
At C:\scripts\makefolder.ps1:23 char:6
+     IF (test-path -path $today_folder)
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: 
(\\intranet.myco...missions\My 
Test:String) [Test-Path], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.Powe 
rShell.Commands.TestPathCommand

New-Item : Access is denied
At C:\scripts\makefolder.ps1:28 char:11
+             {New-Item -ItemType Directory -Path $today_folder
+              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : PermissionDenied: (\\intranet.myco...missions\My 
   Test:String) [New-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.Powe 
rShell.Commands.NewItemCommand

The Batch file that the Scheduled Task executes. This just runs the PowerShell Script. I have also removed this Batch file and had the Scheduled Task run the PowerShell directly with the same results:

c:
cd\scripts
powershell.exe c:\scripts\makefolder.ps1

Here is the PowerShell Script:

Write-Host 'Creating New Folders...
' -fore black -back yellow



$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions\MyTest"


Write-Host 'Test-Path Result with SilentlyContinue... Does the folder exist already?
' -fore black -back yellow

test-path -path $today_folder -ErrorAction SilentlyContinue


write-host 'The folder is: ' $today_folder
write-host '

'


    IF (test-path -path $today_folder) 
        #Folder Already Exist
            { Write-Host $today_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $today_folder  
                    Write-Host $today_folder ":Created" -fore black -back yellow}



#To see the console window
sleep 5

#Read-Host -Prompt "Press Enter to exit"

If I perform a similar function just using a Batch file it works:

@echo off
 echo Hello this a test batch file
 pause
net use L: "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"
 dir L:
 pause

mkdir L:\M2019

pause

net use L: /delete

echo all done
pause

The Scheduled Task:

Have you run the script successfully as the user configured to run the job in task scheduler? — AdminOfThings, Apr 10 '19 at 18:03
Yes. I am logged on as that user. If I execute the Batch or the Powershell file it works fine. This login is also the author of the Scheduled Task. — Gemini, Apr 10 '19 at 18:20
If you replace the `Test-Path` logic with `[System.IO.Directory]::Exists($today_folder)` do you get a better result? — AdminOfThings, Apr 10 '19 at 18:34
Thanks, Hmm, no error with your suggested "[System.IO.Directory]::Exists($today_folder)" but now the error moved to trying to create the folder:: New-Item : Access is denied At C:\scripts\makefolder.ps1:28 char:11 + {New-Item -ItemType Directory -Path $today_folder + — Gemini, Apr 10 '19 at 18:43
Then I guess you can replace `New-Item` logic with `[System.IO.Directory]::CreateDirectory($today_folder)`. — AdminOfThings, Apr 10 '19 at 18:49
hmm, that didn't work either via Scheduled Task. But, if I execute the file it does create the folder. Error: Exception calling "CreateDirectory" with "1" argument(s): "Access to the path '\\intranet.myco.com\dept\finance\Shared Documents\Sales Commissions\MyTest' is denied. — Gemini, Apr 10 '19 at 20:10

score 0 · Accepted Answer · answered Apr 10 '19 at 23:58

I got it to work by adding NET USE and specifying the credentials inside the PowerShell script.

Thanks @AdminOfThings for at least getting me to think differently.

I have no idea why this just started happening. I also do not understand why only Task Scheduler had a problem with the permissions. I used the same login credentials that I am logged in with, the same that created the tasks, and the same stored on each task.

$user = 'corp\crazyuser'
$passwd = 'myPassword'

$today_folder = "\\intranet.mycompany.com\dept\finance\Shared Documents\Sales Commissions"


$subfolder = "TestFolder"


$complete_folder = $today_folder + '\' + $subfolder

#open path
NET USE $today_folder /user:$user $passwd 


    IF (test-path -path $complete_folder) 
        #Folder Already Exist
            { Write-Host $complete_folder ":Already Exist, moving on..." -fore black -back green }
        ELSE
        #Create the Folder 
            {New-Item -ItemType Directory -Path $complete_folder
                    Write-Host $complete_folder ":Created" -fore black -back yellow}

write-host '
Closing NET UNC path
'
NET USE /DELETE  $today_folder

There is a hack if you don't want to have a password in the script: Open your folder with sufficient privileges (domain user for example) Open a powershell as Administrator and an make a symlink from UNC to local path New-Item -ItemType SymbolicLink -Path "C:\LocalTemp\" -Value "\unc" You can now use the UNC path in your powershell script directly, it will open it with the credential provided in the scheduled task. There is probably some issues with credentials in scheduled tasks, however this is still better in my opinion than password in clear or pseudo obfuscated in scripts. — Gourgandine, Jan 07 '20 at 08:53

score 0 · Answer 2 · answered Aug 07 '23 at 14:45

You might want to check if your user is in the "Protected Users" group which would result in the impossibility for it's password (hash) to be stored.

More at the following link : https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group

Regards,

PowerShell Test-Path UNC Access Denied only via Scheduled Task

2 Answers2