none
Copy File from C to UNC Directory RRS feed

  • Question

  • First off.. I'm a novice. So feel free to break out the red ink and let me have it. 

    With that out of the way, I hit a wall with a particular script I've quilted together using various sources on the internet. I have a script that generates a Hardware Audit.. creates an HTML file with the data.. then copies that HTML file to a folder via a UNC path. 

    The script works beautifully when ran locally on the remote machine. However, whenever I try to execute it remotely from my machine (call it via a PowerShell session where I'm logged in as an admin) it says that access is denied on that UNC directory. Everything still works great up until that point, however. It's just the copying to the UNC directory at the end of the script that fails when the script is called remotely. 

    Very strange, and I'm not sure if it has to do with the script or something else. If someone who is very knowledgeable can give this script a quick once over and let me know if it looks good for being ran remotely.. I would appreciate it. Thanks in advance, guys & gals.

    ############hardwareaudits#####################
    
    $name = (Get-Item env:\Computername).value 
    $filepath = (Get-ChildItem env:\userprofile).value
     
    #### HTML Output Formatting ################### 
     
    $a = "<!--mce:0-->" 
     
    ############################################### 
    
    ConvertTo-Html -Head $a  -Title "Hardware Information for $name" -Body "<h1> Computer Name : $name </h1>" >  "$filepath\$name.html"  
     
    # MotherBoard: Win32_BaseBoard # You can also select Tag,Weight,Width  
    Get-WmiObject -ComputerName $name  Win32_BaseBoard  |  Select Name,Manufacturer,Product,SerialNumber,Status  | ConvertTo-html  -Body "<H2> MotherBoard Information</H2>" >> "$filepath\$name.html" 
     
    # Battery  
    Get-WmiObject Win32_Battery -ComputerName $name  | Select Caption,Name,DesignVoltage,DeviceID,EstimatedChargeRemaining,EstimatedRunTime  | ConvertTo-html  -Body "<H2> Battery Information</H2>" >> "$filepath\$name.html" 
     
    # BIOS 
    Get-WmiObject win32_bios -ComputerName $name  | Select Manufacturer,Name,BIOSVersion,ListOfLanguages,PrimaryBIOS,ReleaseDate,SMBIOSBIOSVersion,SMBIOSMajorVersion,SMBIOSMinorVersion  | ConvertTo-html  -Body "<H2> BIOS Information </H2>" >> "$filepath\$name.html" 
     
    # CD ROM Drive 
    Get-WmiObject Win32_CDROMDrive -ComputerName $name  |  select Name,Drive,MediaLoaded,MediaType,MfrAssignedRevisionLevel  | ConvertTo-html  -Body "<H2> CD ROM Information</H2>" >> "$filepath\$name.html" 
     
    # System Info 
    Get-WmiObject Win32_ComputerSystemProduct -ComputerName $name  | Select Vendor,Version,Name,IdentifyingNumber,UUID  | ConvertTo-html  -Body "<H2> System Information </H2>" >> "$filepath\$name.html" 
     
    # Hard-Disk 
    Get-WmiObject win32_diskDrive -ComputerName $name  | select Model,SerialNumber,InterfaceType,Size,Partitions  | ConvertTo-html  -Body "<H2> Harddisk Information </H2>" >> "$filepath\$name.html" 
    
    ## Mapped Drives
    Get-WmiObject -Class Win32_MappedLogicalDisk -ComputerName $name | Select Name,ProviderName | ConvertTo-html -Body "<H2> Mapped Drives </H2>" >> "$filepath\$name.html"
     
    # NetWord Adapters -ComputerName $name 
    Get-WmiObject win32_networkadapter -ComputerName $name  | Select Name,Manufacturer,Description ,AdapterType,Speed,MACAddress,NetConnectionID |  ConvertTo-html  -Body "<H2> Nerwork Card Information</H2>" >> "$filepath\$name.html" 
     
    # Memory 
    Get-WmiObject Win32_PhysicalMemory -ComputerName $name  | select BankLabel,DeviceLocator,Capacity,Manufacturer,PartNumber,SerialNumber,Speed  | ConvertTo-html  -Body "<H2> Physical Memory Information</H2>" >> "$filepath\$name.html" 
     
    # Processor  
    Get-WmiObject Win32_Processor -ComputerName $name  | Select Name,Manufacturer,Caption,DeviceID,CurrentClockSpeed,CurrentVoltage,DataWidth,L2CacheSize,L3CacheSize,NumberOfCores,NumberOfLogicalProcessors,Status  | ConvertTo-html  -Body "<H2> CPU Information</H2>" >> "$filepath\$name.html" 
     
    ## System enclosure  
    Get-WmiObject Win32_SystemEnclosure -ComputerName $name  | Select Tag,AudibleAlarm,ChassisTypes,HeatGeneration,HotSwappable,InstallDate,LockPresent,PoweredOn,PartNumber,SerialNumber  | ConvertTo-html  -Body "<H2> System Enclosure Information </H2>" >> "$filepath\$name.html" 
    
    #### Invoke Expressons ####
    invoke-Expression "$filepath\$name.html"
     
    #### Copy to WEYSFPSRV2 ####
    Copy-Item "$filepath\$name.html" -Destination "\\weyfpsrv2\hardwareaudits"

    Saturday, February 11, 2017 5:36 AM

Answers

  • Yu cannot access a third machine from a remote session.  This is a fundamental security restriction in Windows.  It is known as the  "second hop" restriction. There are no credentials tat can circumvent this.

    For more information search for "second hop restriction"

    Here is a picture showing what a second hop is:

    You can get more info here along with the full explanation ->> here


    \_(ツ)_/

    • Marked as answer by RyRoUK Saturday, February 11, 2017 7:12 AM
    Saturday, February 11, 2017 7:06 AM

All replies

  • from the error you have mentioned above it's clear that credentials with which you are running your script don't have access to  -Destination "\\weyfpsrv2\hardwareaudits"

    Also at line 50 in your script why do you want to use invoke-Expression ?

    Saturday, February 11, 2017 6:01 AM
  • Thank you for your response!

    I'm open to any better way of doing this. So please feel free to school me. The "invoke expression" was simply used in the original script i found online - so its still written that way.

    As for the credentials.. possibly correct. I guess I need to preface the script with a login (credentials) section?

    # Define domain username and password
    $username = 'Domain\User'
    $password = 'Password'
     
    # Convert to a single set of credentials
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
     
    # Launch PowerShell (runas) as another user
    Start-Process powershell.exe -Credential $credential
    Would that work?

    • Edited by RyRoUK Saturday, February 11, 2017 6:18 AM
    Saturday, February 11, 2017 6:14 AM
  • Yu cannot access a third machine from a remote session.  This is a fundamental security restriction in Windows.  It is known as the  "second hop" restriction. There are no credentials tat can circumvent this.

    For more information search for "second hop restriction"

    Here is a picture showing what a second hop is:

    You can get more info here along with the full explanation ->> here


    \_(ツ)_/

    • Marked as answer by RyRoUK Saturday, February 11, 2017 7:12 AM
    Saturday, February 11, 2017 7:06 AM
  • And suddenly, everything makes sense now. 

    Thank you, very much for dropping that bit of info. I'm no expert when it comes to languages and scripting. So I couldn't put my finger on what was happening - my script was suspect to me. 

    Thanks, everyone.

    Saturday, February 11, 2017 7:12 AM