Mooo0
New Member
Posts:8
 |
| 07/02/2008 9:49 PM |
|
Hello all,
I am fairly new to Powershell and I am at a major learning curve at the moment :)
I am making a basic script, which get-acl the files that are about to move, move files, and set-acl using stored acl ($acl)
Here is a section of the code:
$acl = get-acl $_.fullname
$myPath = $dest + "\" + $_.name
Move-Item $_.fullname $dest
set-acl $myPath $acl
When I execute them, I get the following message:
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
It may be because it is trying to set the acl WHILE the file is moving (moving not complete).
I would assume the script would wait until the previous command has veen completed but it is not.
Is there any way for it to wait for move-item to complete before moving to next statement?
Cheers
|
|
|
|
|
jdelatorre
New Member
Posts:18
|
| 07/03/2008 8:17 AM |
|
By reading the error carefully you'll see your problem.
"The process does not posses the 'SeSecurityPrivilege' privilege ..."
What this is saying is the "Process", which is PowerShell.exe doesn't have the required security privilege to do what you asked.
If using Vista and UAC, this becomes more clear. Try starting Powershell as 'Administrator' and you'll see that the command works as expected.
It's clear to me you'll dealing with a permission problem, not anything else that I can see. |
|
Joel D. |
|
|
Mooo0
New Member
Posts:8
|
| 07/03/2008 4:46 PM |
|
Sorry, I forgot to add that when I run the script for second time, it runs successfully without any errors.
Could you explain why the script is successful when it's run the second time?
I don't think it's got to do with powershell permission
PS. I'm running Windows XP SP2 |
|
|
|
|
bruceatk
New Member
Posts:12
|
| 07/05/2008 9:44 AM |
|
I would guess that the second time that you run it, it doesn't move any files. We would need to see more of your code in order to say what is really happening.
Bruce |
|
|
|
|
bsonposh
CLI Addict
Posts:363
|
| 07/05/2008 10:00 AM |
|
| I would be curious to see how you call the script. If you . source it. That may explain why it works the second time. |
|
Brandon Shell
----------------
Microsoft Powershell MVP
https://mvp.support.microsoft.com/profile/Brandon |
|
|
Mooo0
New Member
Posts:8
|
| 07/06/2008 5:26 AM |
|
The following is the code:
if($args.length -ne 3)
{
Write-warning "Usage: C3.ps1 [SourceDir] [TargetDir] [NumMonths]"
exit
}
$first = $ArgsΎ]
$second = $ArgsΏ]
$third = $Argsΐ]
if((test-path $ArgsΎ]) -eq $false)
{
write-warning "Source directory non existant!"
exit
}
if((test-path $ArgsΏ]) -eq $false)
{
write-warning "Target directory non existant!"
exit
}
$lastAccess = ((get-date).AddMonths(-$Argsΐ]))
get-childitem $ArgsΎ] -recurse | where{($_.Mode -Notlike "d*") -and (($_.LastAccessTime).ToOADate() -lt ($lastAccess).ToOADate())} |
foreach {
$acl = get-acl $_.fullname
$myPath = $second + "\" + $_.name
Move-Item $_.fullname $second
Set-Acl $myPath $acl
}
I call the script by typing:
.\MoveOld.ps1 C:\Downloads\Files C:\Downloads\Target 20
I run the script once, I get rows of same errors.
I run the script once more, No error messages.
I reckon it is giving me the error because it is trying to set the permission while the files are being copied over. (files aren't existant when trying to set the permission).
Could someone help me out please?
cheers
|
|
|
|
|
bsonposh
CLI Addict
Posts:363
|
| 07/06/2008 10:41 AM |
|
- You dont need to parse args like that. Use a param statement.
- You can use PSIsContainer to test if its a Directory or not
- You can just compare dates.. no need to convert them
- IMO I would use foreach(){} instead of foreach-object
Try This
Param($source,$target,$Months)
If(!(test-path $source) -or !(test-path $target)){'Invalid $source or $target Bad Path'}
$lastAccess = ((get-date).AddMonths(-$Months))
get-childitem $Source -recurse | where{!($_.PSIsContainer) -and ($_.LastAccessTime -lt $lastAccess)} | foreach {
$acl = get-acl $_.fullname
$myPath = $target + "\" + $_.name
Move-Item $_.fullname $target
Set-Acl $myPath $acl
} |
|
Brandon Shell
----------------
Microsoft Powershell MVP
https://mvp.support.microsoft.com/profile/Brandon |
|
|
Mooo0
New Member
Posts:8
|
| 07/06/2008 5:42 PM |
|
Hello bsonposh,
I have tried the code you have given but I am still getting the same error !
PS:6 >.\C5v2.ps1 C:\Downloads\Files C:\Downloads\Target 20
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
and so on...
When I run it again, it's fine !
What is going on :( |
|
|
|
|
bsonposh
CLI Addict
Posts:363
|
| 07/07/2008 7:01 PM |
|
I would speculate that most of the code and is working, but it is unable to completely run due to security rights. The second time it does not try apply the acls because it already has been applied, sorta.
Are you running as an Admin? |
|
Brandon Shell
----------------
Microsoft Powershell MVP
https://mvp.support.microsoft.com/profile/Brandon |
|
|
Mooo0
New Member
Posts:8
|
| 07/07/2008 7:36 PM |
|
I have changed the PC account to administrator and tried running the script you have provided, and I'm getting different errors:
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\Downloads\C5v2.ps1:12 char:12
+ Set-Acl <<<< $myPath $acl
|
|
|
|
|
bsonposh
CLI Addict
Posts:363
|
| 07/07/2008 8:29 PM |
|
When you ran this initially you were running as a non-admin? Now as an admin you get a different error?
You wouldnt happen to be trying to do this with files in a user profile? |
|
Brandon Shell
----------------
Microsoft Powershell MVP
https://mvp.support.microsoft.com/profile/Brandon |
|
|
Mooo0
New Member
Posts:8
|
| 07/07/2008 8:49 PM |
|
Sorry but I couldn't understand what you meant in last sentence.
I am running the script in C:\Downloads
The files I am moving from are located in C:\Downloads\Files\
The target directory is C:\Downloads\Target\
Those folders are not protected by read/write protection.
Is that what you meant? |
|
|
|
|
bsonposh
CLI Addict
Posts:363
|
| 07/08/2008 5:50 AM |
|
Hmmm... Let me try to explain this.
In NT4 and above we have two security measures to deal with when it comes to files. You have permissions and you have rights. Rights are granted to a user by the system and are system wide (not directly related to the filesystem.) Permissions are Access Control Lists that are applied to resources. In this case a file or files.
It is possible for you as "user" to have full control of a file, but not have permission on the destination folder/files. By default these will inherit from the parent and therefore the copy may work, but the ACL change would fail.
In the case of the administrator. As a user it may NOT have permission to the files, but as an Admin it has the RIGHT to change that (although that right has to be forced.) So it is plausible that the admin failed due to permissioning of the files.
The reason I suspected user profiles it because that is very common in that scenario. When the profile is created FC is given to the user and no one else is allowed.
Either way, I still think that may be your issue. I would try to give user FC of both folders and see if that helps. It is definitely a permission/rights issue.
|
|
Brandon Shell
----------------
Microsoft Powershell MVP
https://mvp.support.microsoft.com/profile/Brandon |
|
|
Mooo0
New Member
Posts:8
|
| 07/08/2008 6:03 PM |
|
Thanks for all the effort trying to fix the problem
I just given Full Control to both folders for my account(User) as well as others.
I have tried running script as administrator and my user account but I am still getting same error message :/
Is there any other way to check where the fault is?
Cheers |
|
|
|
|
bsonposh
CLI Addict
Posts:363
|
| 07/08/2008 6:57 PM |
|
Next step is debugging the script. Look here for more info: http://bsonposh.com/archives/241
We need to find out specifically what is breaking. |
|
Brandon Shell
----------------
Microsoft Powershell MVP
https://mvp.support.microsoft.com/profile/Brandon |
|
|
Mooo0
New Member
Posts:8
|
| 07/13/2008 7:59 PM |
|
Ok, so it seems that the problem was that the Ownership of the files I'm playing with were set to local user (James) and I did not have the privilege to change the file permission.
So I tried running the powershell as Administrator but there would still be a problem as the file ownership was still under my user account.
For some reason, it does not like it when I try to change the permission even I am in administrator account !
So I had to change the ownership of the files to Administrator and change the access permission.
Now the problem is that I need to change the file ownership back to the user but I am unable to change it back.
How would you change the ownership back to the user?
|
|
|
|
|