1

I have two servers in a domain and I use the domain administrator account to run a script to scan with YARA some folders. I want to copy the result to SERVER-1. I have in SERVER-1 a shared folder to store the results with read-write permissions to everybody whose name is YARASCAN.

If I run a .ps1 script from SERVER-SCANNED the copy works fine (I have tried also using New-PSDrive)

copyjob.ps1:
#yara scans and created report.log
Copy-Item .\report.log -Destination \\SERVER-1\YARASCAN

If I run the following script (simplified) I get the error "Acces is denied"

$session = New-PSSession -ComputerName SERVER-SCANNED #Don't need credentials as I running as domain admin
Invoke-Command -Session $session -ScriptBlock {
    Set-Location "C:\Windows\Temp\yarascan"; .\copyjob.ps1
}

The reasong needing to copy from SERVER-SCANNED to SERVER-1 is because I want to leave the session open while YARA scans, and after finishing the scan, SERVER-SCANNED copies the result back to SERVER-1. This way I can launch the job on several computers in parallel (this is my intention).

Does anybody how to resolve the issue? Thanks.

mklement0
  • 382,024
  • 64
  • 607
  • 775
Chirrin Dul
  • 9
  • 4

1 Answers1

1

At first glance I'd say you are running into a double hop authentication issue. By design, whatever you run via invoke-command on the remote host will not be able to authenticate on a second resource with the domain admin credentials, like you would otherwise expect.

I think one accepted way to solve this is to pass the credentials to the target script block (with the $using construct for instance). You could use the new-psdrive commandlet inside the block to reach your goal.

GabQ
  • 69
  • 3