2

Please, help with my WebDAVs scheduled copy. I have two WebDAVs, one on Debian11/Nginx, the other on WindowsServer2019/IIS. I want to make a scheduled backup copy from both on my Windows 11. Fragment from PowerShell script:

$NetworkPaths = "\\<server1.domain1>@SSL\DavWWWRoot", "\\<server2.domain2>@SSL\DavWWWRoot"
...
$BackupSource | % {$counter = 0} {
  net use Z: $NetworkPaths[$counter] $NetworkPwds[$counter] /user:$NetworkLogin /persistent:no
  robocopy $_ $BackupDir[$counter] /Z /R:3 /COPY:DT
  net use Z: /delete
  $counter++}

This works fine when run from PowerShell ISE. This works with Debian11/Nginx share and does not work with WinServer2019/IIS share when run from TaskScheduler as System with highest privileges with working directory c:\. The second copy does not perform. I tried also

  $pass=$NetworkPwds[$counter]|ConvertTo-SecureString -AsPlainText -Force
  $cred = New-Object System.Management.Automation.PsCredential($NetworkLogin,$pass)
  New-PSDrive -Name Z -PSProvider FileSystem -Root $NetworkPaths[$counter]
  $exclude = Get-ChildItem -recurse $BackupDir[$counter]
  Copy-Item -Path ($_ + "\*") -Destination $BackupDir[$counter] -Exclude $exclude -Confirm:$false
  Get-PSDrive Z | Remove-PSDrive

Works fine from PowerShell ISE, none works with TaskScheduler. It seems to me my IIS WebDAV share is kind of broken. I need to re-enter password each time I reboot Windows, while the Nginx share password is stored correctly and I simply press OK.

Improve this question
2
  • @VomitIT-ChunkyMessStyle Thanks for your answer. I tried run not as System, but as myself. The same thing - IIS backup is not copied. The answer you are linking is about double hop issue, but I do not run PowerShell commands having double hop issue. I do not care much if there will be one or some more tasks in TaskScheduler. So please share your solution idea.
    – Dmitry Kosovets
    Commented Aug 30, 2023 at 11:05
  • 1
    Your answer is working, thanks, but the credential should be provided, if none provided it is not working, even with -credential.
    – Dmitry Kosovets
    Commented Aug 30, 2023 at 23:27

1 Answer 1

Reset to default
1

This solution requires the presence of a valid user account on the designated machine where scheduling will take place. To ensure smooth execution of the Task Scheduler job under this account, it's advisable for the associated Windows machine to have had this account logged in at least once. Additionally, it's important to ensure that the account's password does not expire, as the expiration could lead to job failures.

Steps

  1. Log in to the Windows computer using the user account designated for the Task Scheduler job.

  2. Verify that the account's password is non-expiring. Administrative privileges are unnecessary.

  3. Confirm that the account possesses appropriate permissions for both the targeted share (along with its share and NTFS permissions) and the corresponding underlying folder.

  4. While logged in as this account, execute the provided PowerShell script. Ensure that the folder and path used for the Out-File operation are accessible by the account itself.

    During script execution, provide the account credentials as prompted. These same credentials should be used for the scheduled job configuration.

$cred = Get-Credential; ## Type in username and password
$cred.Password | ConvertFrom-SecureString | Out-File "C:\Folder\path\file.txt"; ## Saved encrypted pass to file
  1. You can now configure your script using the below provided logic as an example. However, make sure to customize it according to your specific requirements, including the appropriate username, and adjust the copy-item source and destination paths accordingly.
$Username  = "username123";
$aToken = "C:\Folder\path\file.txt";

$SecurePassword = Get-Content $aToken | ConvertTo-SecureString;
$UserCredential = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;

New-PSDrive -Name Z -PSProvider FileSystem -Root $NetworkPath -Credential $UserCredential;
Copy-Item -Path ($NetworkPath + "\*") -Destination $BackupDir -Exclude $exclude -Confirm:$false;
Get-PSDrive Z | Remove-PSDrive;
  1. When setting up the Task Scheduler job, ensure that you're logged in to the machine using an account with the necessary permissions. Configure the job to run under this particular user's context, instead of utilizing the SYSTEM account. This way, the user will be able to decrypt the password and pass the appropriate credentials as a parameter value, facilitating the drive mapping process.

Also note, operating as the designated user with granted permissions for the share and folder could eliminate the need for generating a user-specific encrypted password file. This might be unnecessary, given the job's execution under the account already possessing the required permissions.

However, it's essential to recognize that this encrypted password file value isn't transferable for deployment on other machines, even under identical user credentials or on the same machine with different user profiles. When making the encrypted password, it's vital to create a unique one for each user-machine pairing. Changes in the password require the creation of a new encrypted password.

Improve this answer
1
  • 1
    That is working, thanks! For copy I use robocopy, which suits me more: $NetworkPath = "\\<server>.<domain>@SSL\DavWWWRoot" $BackupSource = $NetworkPath + "\<folder>\<subfolder>" ... robocopy $BackupSource $BackupDir /Z /R:3 /COPY:DT
    – Dmitry Kosovets
    Commented Aug 30, 2023 at 22:55

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .