This solution requires the presence of a valid user account on the designated machine where scheduling will take place. To ensure smooth execution of the Task Scheduler job under this account, it's advisable for the associated Windows machine to have had this account logged in at least once. Additionally, it's important to ensure that the account's password does not expire, as the expiration could lead to job failures.
Steps
Log in to the Windows computer using the user account designated for the Task Scheduler job.
Verify that the account's password is non-expiring. Administrative privileges are unnecessary.
Confirm that the account possesses appropriate permissions for both the targeted share (along with its share and NTFS permissions) and the corresponding underlying folder.
While logged in as this account, execute the provided PowerShell script. Ensure that the folder and path used for the Out-File
operation are accessible by the account itself.
During script execution, provide the account credentials as prompted. These same credentials should be used for the scheduled job configuration.
$cred = Get-Credential; ## Type in username and password
$cred.Password | ConvertFrom-SecureString | Out-File "C:\Folder\path\file.txt"; ## Saved encrypted pass to file
- You can now configure your script using the below provided logic as an example. However, make sure to customize it according to your specific requirements, including the appropriate username, and adjust the
copy-item
source and destination paths accordingly.
$Username = "username123";
$aToken = "C:\Folder\path\file.txt";
$SecurePassword = Get-Content $aToken | ConvertTo-SecureString;
$UserCredential = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;
New-PSDrive -Name Z -PSProvider FileSystem -Root $NetworkPath -Credential $UserCredential;
Copy-Item -Path ($NetworkPath + "\*") -Destination $BackupDir -Exclude $exclude -Confirm:$false;
Get-PSDrive Z | Remove-PSDrive;
- When setting up the Task Scheduler job, ensure that you're logged in to the machine using an account with the necessary permissions. Configure the job to run under this particular user's context, instead of utilizing the
SYSTEM
account. This way, the user will be able to decrypt the password and pass the appropriate credentials as a parameter value, facilitating the drive mapping process.
Also note, operating as the designated user with granted permissions for the share and folder could eliminate the need for generating a user-specific encrypted password file. This might be unnecessary, given the job's execution under the account already possessing the required permissions.
However, it's essential to recognize that this encrypted password file value isn't transferable for deployment on other machines, even under identical user credentials or on the same machine with different user profiles. When making the encrypted password, it's vital to create a unique one for each user-machine pairing. Changes in the password require the creation of a new encrypted password.
-credential
.