creative555
asked on
this script icacls doesn't work on remote computers. please help
I had this question after viewing Powershell script- running set owner command on multiple servers at once.
Hello,
I have closed the question because the error was fixed and I can run the script now, but the icacls command still only works on the local computer and if I execute it through the command NOT powershell.
I get this error
OI : The term 'OI' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
verify that the path is correct and try again.
At line:1 char:45
+ icacls F:\ /grant TESTTARGET\user.svc:(OI)(CI)F
+ ~~
+ CategoryInfo : ObjectNotFound: (OI:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Here is the script.
Please help:
Function Set-Permissions {
[CmdletBinding()]
param([Parameter(Mandatory =$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
[Alias('hostname')]
[string[]]$ComputerName,
[switch]$nameLog
)
Begin {
if ($nameLog)
{
Write-Verbose "Finding name log file"
$i = 0
do {
$logFile = "names-$i.txt"
$i++
} while (Test-Path $logFile)
Write-verbose "Log file name will be stored $logfile"
}
else {
write-verbose "Name logging off"
}
}
Process {
if ($nameLog)
{
Write-Verbose "Name log on"
}
else
{
Write-Verbose "Name log off"
}
foreach ($computer in $computername) {
Write-Verbose "Now connecting to $computer"
if ($nameLog){
$computer | out-file $logFile -Append
}
icacls E:\ /grant TESTTARGET\user.svc:(OI)(CI)F
icacls E:\ /grant TESTTARGET\test.mig.svc:(OI)(CI)F
icacls F:\ /grant TESTTARGET\user.svc:(OI)(CI)F
icacls F:\ /grant TESTTARGET\test.mig.svc:(OI)(CI)F
icacls E:\ /grant TESTTARGET\test.Administrators:(OI)(CI)F
icacls F:\ /grant TESTTARGET\test.Administrators:(OI)(CI)F
icacls "E:\Includes" /setowner TESTTARGET\user.svc /t /c
icacls "E:\test" /setowner TESTTARGET\user.svc /t /c
icacls "E:\Program Files" /setowner TESTTARGET\user.svc /t /c
icacls "F:\Software" /setowner TESTTARGET\user.svc /t /c
}
}
End {}
}
Set-Permissions -computername server01, server02
ASKER
Hello,
thank you so much
With quotes the script is now working but still not updating the remote computer. It doesn't give me any error either.
icacls E:\ /grant "TESTTARGET\user.svc:(OI)(CI)(F)"
Is this the correct command?
Invoke-Command -ComputerName (Get-Content ".\servers.txt") | Set-Permissions
I ran this command with the script and it only updated the local computer
Set-Permissions -computername server01, server02.testtarget.local
ASKER
oh. I made this work without using a function. How do I pass the function in the script block?
Invoke-Command -ComputerName server02.testtarget.local -Scriptblock {icacls E:\ /grant "TESTTARGET\Administrators:(OI)(CI)F"} -cred testtarget\service
This didn't work with the script I posted above
Invoke-Command -ComputerName server02.testtarget.local -Scriptblock {get-permissions} -cred testtarget\service
Just like variables have scope, functions don't exist outside of the session in which they were defined/created. Say you open a PS console and create the function, then open another PS console and try to run the function in that window/session - it won't work because the function was only created in the first session. The same thing applies to remote sessions.
So the only way to run a function in a remote session is to define the function in that remote session. Just like in a local session, you first run the code that defines the function, then you run the function. Using the Invoke-Command cmdlet, your scriptblock that you call to be run has to include all those elements.
ASKER
ok. I understand what you are saying but how to make it work.
Ok, I revised the script but somehow it still doesn't process the remote computer. Posting the revised script here.
Please help. See the screenshot with the results.
Set-Location "c:\cfscripts"
Function Set-Permissions {
[CmdletBinding()]
param([Parameter(Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
[Alias('hostname')]
[string[]]$ComputerName,
[switch]$nameLog
)
Begin {
if ($nameLog)
{
Write-Verbose "Finding name log file"
$i = 0
do {
$logFile = "names-$i.txt"
$i++
} while (Test-Path $logFile)
Write-verbose "Log file name will be stored $logfile"
}
else {
write-verbose "Name logging off"
}
}
Process {
if ($nameLog)
{
Write-Verbose "Name log on"
}
else
{
Write-Verbose "Name log off"
}
try {
$cred = get-credential
foreach ($computer in $computername) {
if ($nameLog){
$computer | out-file $logFile -Append
}
Write-Verbose "Now processing $computer"
Enter-PSSession -computername $computer -Credential $cred
write-host "Connected to $computer" -ForegroundColor Green
whoami;hostname
icacls E:\ /grant "TESTTARGET\Administrators:(OI)(CI)F"
icacls F:\ /grant "TESTTARGET\Administrators:(OI)(CI)F"
Exit-PSSession
}
}
catch
{}
}#Process
#End {}
}
$computers = (Get-content ".\servers.txt")
Set-Permissions -computername $computers -nameLog -verbose
ASKER
I added these lines but getting this error.
Please help
$s = New-PSSession -computername $computers -Credential $cred
invoke-command -Session $s -ScriptBlock ${function:Set-Permission}
Invoke-Command : Cannot validate argument on parameter 'ScriptBlock'. The argument is null. Provide a valid value for the argument, and
then try running the command again.
At C:\cfscripts\Set-FilePermissions2.ps1:73 char:41
+ invoke-command -Session $s -ScriptBlock ${function:Set-Permission}
here is modified script that is still failing
Set-Location "c:\cfscripts"
$cred = get-credential
$computers = (Get-content ".\servers.txt")
$s = New-PSSession -computername $computers -Credential $cred
Function Set-Permissions {
[CmdletBinding()]
param([Parameter(Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
[Alias('hostname')]
[string[]]$ComputerName,
[switch]$nameLog
)
Begin {
if ($nameLog)
{
Write-Verbose "Finding name log file"
$i = 0
do {
$logFile = "names-$i.txt"
$i++
} while (Test-Path $logFile)
Write-verbose "Log file name will be stored $logfile"
}
else {
write-verbose "Name logging off"
}
}
Process {
if ($nameLog)
{
Write-Verbose "Name log on"
}
else
{
Write-Verbose "Name log off"
}
try {
foreach ($computer in $computername) {
if ($nameLog){
$computer | out-file $logFile -Append
}
Write-Verbose "Now processing $computer"
write-host "Connected to $computer" -ForegroundColor Green
whoami;hostname
icacls E:\ /grant "TESTTARGET\ADMS.Administrators:(OI)(CI)F"
icacls F:\ /grant "TESTTARGET\ADMS.Administrators:(OI)(CI)F"
}
}
catch
{}
}#Process
#End {}
}
#$computers = (Get-content ".\servers.txt")
#Set-Permissions -computername $computers -nameLog -verbose
invoke-command -Session $s -ScriptBlock ${function:Set-Permission}
ASKER
I got this error on the truncated example:
Successfully processed 0 files; Failed processing 1 files
TESTTARGET\Administrators: No mapping between account names and security IDs was done.
+ CategoryInfo : NotSpecified: (TESTTARGET\Admi...y IDs was done.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : Server02.testtarget.local
TESTTARGET\Administrators: No mapping between account names and security IDs was done.
+ CategoryInfo : NotSpecified: (TESTTARGET\Admi...y IDs was done.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : Server02.testtarget.local
Successfully processed 0 files; Failed processing 1 files
Successfully processed 0 files; Failed processing 1 files
Successfully processed 0 files; Failed processing 1 files
ASKER
oh my fault. It is working now!! You are brilliant. I had a group wrong here because I didn't post the real group name.
icacls E:\ /grant "TESTTARGET\Administrators:(OI)(CI)F"
icacls F:\ /grant "TESTTARGET\ADMS.Administrators:(OI)(CI)F"
ASKER
thank you so much! Tested and it is working great now!
This should work.
Another useful technique if using PS 3.0+ is "--%" (the stop parsing operator).
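An added example, not part of the thread or of any poster's script: one way to do what the answers above describe, sending a locally defined function to the remote computers with Invoke-Command while keeping the icacls grant argument quoted, with the "--%" form noted in a comment. The function name Grant-FullControl and the result object are hypothetical; the path, group and servers.txt are the thread's sample values, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Grant-FullControl is a hypothetical name; E:\, the group and
# servers.txt are the sample values used in the thread.
function Grant-FullControl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Account
    )

    # Resolve the account to a SID first, so a wrong group name fails here with a
    # clear message instead of icacls reporting "No mapping between account names
    # and security IDs was done".
    try {
        $null = ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier])
    } catch {
        throw "Account '$Account' does not resolve on $env:COMPUTERNAME"
    }

    # Quote the grant argument: unquoted, PowerShell parses (OI) and (CI) as
    # expressions and reports "The term 'OI' is not recognized".
    # ${Account} keeps the following ':' from being read as part of the variable.
    $output = icacls $Path /grant "${Account}:(OI)(CI)F" 2>&1

    # PS 3.0+ alternative for fixed arguments (nothing after --% is expanded):
    #   icacls --% E:\ /grant TESTTARGET\Administrators:(OI)(CI)F

    # icacls is a native command, so try/catch does not see its failures;
    # return the exit code and text so the caller can check them.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        ExitCode = $LASTEXITCODE
        Output   = ($output -join "`n")
    }
}

$cred      = Get-Credential
$computers = Get-Content '.\servers.txt'

# ${function:Grant-FullControl} is the body of the local function as a script
# block, so the remote session receives the definition and runs it there.
# The name must match the function exactly; a misspelled name yields $null.
$results = Invoke-Command -ComputerName $computers -Credential $cred `
    -ScriptBlock ${function:Grant-FullControl} `
    -ArgumentList 'E:\', 'TESTTARGET\Administrators'

# Show only the computers where icacls reported a failure.
$results | Where-Object ExitCode -ne 0 | Format-List Computer, Path, Output
```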