PowerShell Script Error
Thanks in advance for any help.
I have a script that I ran all of last year to create students, home directories, and set permissions. All ran fine with no problems. I attempted to run it yesterday and got the following error:
Set-Acl : Attempted to perform an unauthorized operation.
At C:\Users\djameson\Desktop\ADAccounts\HD Rights.ps1:29 char:9
+ set-acl <<<< -aclobject $acl $directory
+ CategoryInfo : PermissionDenied: (\\rmsdc01\home$\students\sw19
38:String) [Set-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
Everything in the script is created but the permissions. As far as I know, no changes have been made to the server, my workstation, the script....I am a domain admin so rights shouldn't be an issue. I have executed the script from PowerShell with "run as administrator". Nothing seems to make a difference.
I can manually add the permissions without any problem. Any ideas as to what may be causing this issue?
Thanks again for your time and suggestions.
Was this a one-off error for that particular directory, or did it crop up repeatedly?
Could we see the code?
Thanks for the quick response.
It happen on 7 servers x 7 home directory folders. The code to set the home directory permissions:
## Modify Permissions on HomeDir
$userSID= (Get-QADUser -samaccountname $USERNAME).sid
# Write-Host $userSID
$directory = $HOMEDIRECTORY
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$acl = Get-Acl $directory
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule ($userSID, "FullControl", $inherit, $propagation, "Allow")
set-acl -aclobject $acl $directory
Write-Host "============ Home Directory Rights Set ============" -foregroundcolor Cyan
This might help - https://connect.microsoft.com/feedback/ViewFeedback.aspx?FeedbackID=418906&SiteID=99
It seems there might be some issue if you don't explicitly have the TakeOwnership permission over the folder.
I'll take a look but again, no changes on my account since last year (or ever actually) and it ran fine. I'll let you know if I am able to solve this. I really hate losing the use of the script as it really saves me a good bit of time in creating new student accounts.
Were the folders created differently at all this year?
Not intentionally. I used a variation of the script a couple months ago to move elementary students to the middle school and middle school students to the high school. No problems there. The script does several things:
1. imports users from a csv file
2. create user
3. adds user to the correct groups
4. creates home directory
5. sets home directory rights.
1-4 are working as always. The only thing I can come across that is "different" is we added a new District Instructional Tech person and gave her rights to see the existing student home directories. I guess it is possible that over wrote something. I'm sure it is something stupid and simple I ma just over looking.
Thanks again for all your suggestions.
Check to make sure permissions have not been changed at the top level as this filters down through inheritance.
I appreciate all the suggestions.
I have checked everything I can think of. Even tried doing this as domain admin rather than my username. Nothing makes a difference. I have no idea what changed but obviously something has. I'm at a stand still. I'd love to be able to use my script but....
Thanks again for all the help and suggestions.