0

I am writing a powershell script which shall periodically run to backup the contents of a remote folder. That remote folder is mapped as a WebDav share to my Windows drive G:\.

This post and this one say

  • that mapped drives cannot be accessed directly and
  • that they should be accessed via UNC.

Accessing the remote folder via UNC requires that I provide credentials. I don't want them lying around in plain text, so I try to access them via the Credentials Manager. I have thus done the installation of module CredentialManager, and now, getting the credentials and mounting the remote folder

  • works fine if I run the script manually (from within MS Code)
    • my powershell version is 7.3.6
  • fails if the script is run from the task scheduler though
    • the user is the same (see output of whoami), it is a non-admin account
    • the user has the "Logon as batch job" rights
    • run with highest privileges is not ticked
    • I tried both, Run whether user is logged on or not and Run only when user is logged on, but it makes no difference

Why is that and what can I do to get access to the remote folder from the scheduled script?

The script access.ps1:

# MAIN ########################################################################
$debuglog = $PSScriptRoot + "\" + "debuglog.txt"
#$debuglog = $null
$PSDefaultParameterValues = @{'Out-File:Encoding' = 'utf8'}   # https://stackoverflow.com/questions/64757125/how-to-specify-file-format-for-powershell-tee-command
                                                              # https://stackoverflow.com/questions/40098771/changing-powershells-default-output-encoding-to-utf-8
                                                              # https://stackoverflow.com/questions/30606929/tee-with-utf-8-encoding

# Info:
echo "$(get-date -format 'yyMMdd-HHmmss') ##################################################" >> $debuglog 
echo "Which domain/account?: <$(whoami)>"   >> $debuglog
echo "Available drives:"     $(get-psdrive) >> $debuglog

# OK, when drive does not show up when script is run from task scheduler, then let's map it:
$credential = Get-StoredCredential -Target "webdav.mc.gmx.net"
echo "Credential: _$credential_" >> $debuglog
if ($credential) {
  echo "Credentials found." >> $debuglog  
  $username = $credential.UserName
  $password = $credential.GetNetworkCredential().Password
    
  $driveLetter = "Y"
  $networkPath = "\\webdav.mc.gmx.net@SSL\DavWWWRoot\myData\"
  remove-psdrive       $driveLetter
  New-PSDrive    -Name $driveLetter -PSProvider FileSystem -Root $networkPath -Credential $credential
}
else {
  echo "Accessing credentials failed." >> $debuglog  
}
echo "psdrives:" $(get-psdrive) >> $debuglog
echo "Dir:     " $(dir y:\) >> $debuglog
remove-psdrive       $driveLetter

echo "Exit."                >> $debuglog
exit

The output of the script:

  • left: when run "manually", i.e. from MS Code
  • right: when run through the task scheduler
    • user names are identical
    • drive G:\ is not available
    • accessing credentials failed

enter image description here

The scheduler's XML:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2023-07-31T23:41:50.6178473</Date>
    <Author>DELFIN7\Martin</Author>
    <URI>\Access2</URI>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2023-07-31T23:40:09</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByMonth>
        <DaysOfMonth>
          <Day>13</Day>
        </DaysOfMonth>
        <Months>
          <January />
          <February />
          <March />
          <April />
          <May />
          <June />
          <July />
          <August />
          <September />
          <October />
          <November />
          <December />
        </Months>
      </ScheduleByMonth>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-48XXXXX20-12XXXXXX13-21XXXXXX82-1001</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
    <RestartOnFailure>
      <Interval>PT2H</Interval>
      <Count>120</Count>
    </RestartOnFailure>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
      <Arguments>"D:\Datenbanken\Datensicherung\myRoboBak\Executables\access.ps1"</Arguments>
      <WorkingDirectory>D:\Datenbanken\Datensicherung\myRoboBak\Executables\</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
Traveler
  • 326
  • 1
  • 12
  • Use the `Start-Transcript` and `Stop-Transcript` to create transcript of the script running as a job. Hopefully you'll see the issue more clearly i.e. [Module not importing](https://learn.microsoft.com/en-us/answers/questions/459844/get-storedcredential-not-recognized-even-though-it) or similar. – jfrmilner Aug 20 '23 at 23:37

0 Answers0