PowerShell DSC copy from network share

Question

I am trying to use PowerShell DSC to copy folder contents from a network share. Here is the code:

Configuration TestSetup {
    Node localhost {
        File Test {
            SourcePath = "\\Server\SomeShare\SomeFolder"
            DestinationPath = "E:\test"
            Recurse = $true
            Type = "Directory"
        }
    }
}

This doesn't work however - when I run it I get the following error message:

The related file/directory is: \\Server\SomeShare\SomeFolder.
The path cannot point to the root directory or to the root of a net share.
SourcePath must be specified if you want to configure the destination directory recursively. Make sure that SourcePath is a directory and that it is accessible.
    + CategoryInfo          : InvalidArgument: (:) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : localhost

The SendConfigurationApply function did not succeed.
    + CategoryInfo          : InvalidArgument: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : localhost

I get similar results when trying to install a package from a network share or extract an archive from a network share. I'm running PowerShell 4 on Windows Server 2008 R2 SP1.

Is there a way to use PowerShell DSC with network shares?

Answer 1

The DSC Local Configuration Manager runs as the local SYSTEM account, not your user account. It therefore won't be able to access network resources unless it is given explicit permissions.

There are two possible situations. Either the share is on the same machine as the DSC configuration is being applied to (let's call this machine A) or the share is on a different machine (let's call this machine B).

If the share is on machine A, READ permissions need to be granted to the SYSTEM user. For example:

net share SomeShare=C:\SomeShare /GRANT:"NT AUTHORITY\SYSTEM",READ

If the share is on machine B, READ permissions need to be granted to the computer account of machine A. For example:

net share SomeShare=C:\SomeShare /GRANT:DOMAIN\MachineA$,READ

Source: http://www.powershellmagazine.com/2013/09/02/copying-powershell-modules-and-custom-dsc-resources-using-dsc/

Answer 2

The DSC runs on localhost in order to apply configuration. This means the DSC resource files need to be distributed to each machine which is to be configured through DSC.

Permissions management is therefore crucial when copying the DSC files from a share.

DSC runs under the NT AUTHORITY\SYSTEM account and unless the Credential attribute has been set, the Computer account is used when pulling the files from a network share.

Therefore and depending on where the files are pulled from, the SYSTEM account need to be granted read permissions on a local share and the Computer account need to be granted read permissions on a remote share.

This is concretely detailed in Richards answer, which expands syntax wise on the original blog source for this information.

Answer 3

I have no time at the moment to look any further into this, but it looks like it is possible to securely pass credentials for the Local Configuration Manager to use. In fact, in the blog posting his example uses the File resource to pull files from a network share. I hope to try this out soon, then come back to better flesh out this answer.

TechNet Blog: Want to secure credentials in Windows PowerShell Desired State Configuration? - by Travis Plunk

Answer 4

Powershell is almost as dumb as the old cmd shell. It still has very limited support for UNC paths. With that in mind... have you tried aliasing the UNC path? i.e.

New-PSDrive -Name UNCPath -PSProvider FileSystem -Root \\Server\SomeShare\

And then refer to the path as UNCPath:\SomeFolder. Cleanup with Remove-PSDrive when you're done.

Also, sometimes you can specify FileSystem::\\Server\SomeShare\SomeFolder as the path. I've seen cases where this doesn't work... but it's worth a shot.