Using alternate credentials with the FileSystem in PowerShell

In PowerShell, cmdlets like Get-ChildItem and Get-Content support a -Credential parameter so you can access resources that require you to log in… the problem is that the built-in FileSystem provider does not. So as an example, if you have a server on a different domain and you want to copy files off of it, you can’t do this:

$cred = Get-Credential
Copy-Item \Server\Share\Folder\*.log C:\Logs -Credential $cred

That will throw an error: “Cannot retrieve the dynamic parameters for the cmdlet. The provider does not support the use of credentials. Perform the operation again without specifying credentials.”

Impersonation

To solve this problem at work, I’ve written an impersonation module. It basically has two methods: Push-ImpersonationContext and Pop-ImpersonationContext. There is one catch: you need to be running in single-threaded apartment mode for it to work, because the impersonation only affects the current thread (if you’re not running PowerShell.exe -STA, your commands execute on a thread pool, so you never know from one to the next what thread you’ll be on). In any case, you use it like this:

$cred = Get-Credential
Push-ImpersonationContext $cred
Copy-Item \Server\Share\Folder\*.log C:\Logs
Pop-ImpersonationContext
 

It’s really very simple, and works great for when you need to access resources across multiple domains. Particularly files, for which PowerShell doesn’t support alternate credentials at all. :( Anyway the module code is on PoshCode, save it to your Documents\WindowsPowerShell\Modules\Impersonation\Impersonation.psm1 and use Import-Module Impersonation to load it. Here you go:

Reblog this post [with Zemanta]

Similar Posts:

    None Found