I am running a build server on windows server 2008 (team city). The builds are run by the Team city agent that runs as a windows service under LocalService account.
One of the builds need to copy a zip file it creates to a remote share, to do this I've got a powershell script that attempts to shell a new process with credentials of a user with appropriate permissions to write to the share. The problem is that the script fails to create the process. I can run the script fine from my admin user (so the script itself would seem to be fine), this makes me think that the LocalSystem account does not have some permission to shell new processes with different credentials or something like that?
Any ideas what this error really means? Note: I can't see any errors in the security event logs which seems odd(?)
$userName = "domain\user"
$password = "password"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $userName, $secstr
$command = "Copy-Item d:\file.zip \\remote\share\file.zip"
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
Start-Process powershell -NoNewWindow -ArgumentList "-encodedCommand", $encodedCommand -credential $credentials -wait
Error thrown at Start-Process line
System.InvalidOperationException: This command cannot be executed due to the error: Access is denied.
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)