Trying to write variable to file returns access denied

My Script is invoked in powershell window “Powershell as Admin”

I have a line which adds some data to

$settings

I draw this data from a computername in

 $hostname

Doing this:

 invoke-command -computername $hostname -script { 
$SettingList = Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSEnumeration
$Settings = ($SettingList | Where-Object Name -eq "Secure Boot")
 $settings | out-file -filepath \\\ourfiler\mis$\SecureBoot\$using:hostname.txt -append
 }

The script returns this:

Access to the path ‘\ourfiler\mis$\SecureBoot\our-gentest-lt1.txt’ is denied.
+ CategoryInfo : OpenError: [Out-File], UnauthorizedAccessException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
+ PSComputerName : our-gentest-lt1

I ran this:

 (get-acl "\\ourfiler\mis$\secureboot").access

And I get this:

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : OurDomain\Domain Admins
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

I can copy files into the folder. I can open, edit, save a text file with notepad there.

I am a member of Domain Admins

Anybody know what I’m missing?

—K

Found the problem with Access Denied

My “out-file” stuff is inside the invoke-command script block and therefore is executed from the remote computer. The user THERE does not have Write access to the folder

So, I moved the out-file stuff outside of the script block

 invoke-command -computername $hostname -script {
 	$SettingList = Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSEnumeration
 
 #Return the current and available values for a specific setting
 $Settings = ($SettingList | Where-Object Name -eq "Secure Boot") 
 $settings
 pause
 }
 $settings | out-file -filepath \\cenfiler\mis$\SecureBoot\$hostname.txt -append

Now, it writes a blank file onto the share. I confirmed that $settings has data before the “pause”, but it doesn’t make it out of Invoke-Command

Still not sure what I’m missing.

—K

First, when formatting your code, don’t quote it, use the </> button and paste it between the backticks. If you can’t see the </> button in the toolbar, it will be under the gear icon.

As to your problem, it sounds like you’re running into the second hop problem. This is summarised as:

1. You are logged in to ServerA.
2. From ServerA, you start a remote PowerShell session to connect to ServerB.
3. A command you run on ServerB via your PowerShell Remoting session attempts to access a resource on ServerC.
4. Access to the resource on ServerC is denied, because the credentials you used to create the PowerShell Remoting session aren’t passed from ServerB to ServerC.

You can understand more about the problem and possible solutions here:

You’re collecting data on a remote computer and store the result in a remote variable. This remote variable is not available on your local machine.

Instead of collecting the results in variable you could simply output it to the local computer and collect it there.

Something like this:

$Results = Invoke-Command -ComputerName $hostname -script {
    $SettingList = Get-WmiObject -Namespace root\HP\InstrumentedBIOS -Class HP_BIOSEnumeration
 
    #Return the current and available values for a specific setting
    $Settings = ($SettingList | Where-Object Name -EQ "Secure Boot") 
    Write-Output $settings
    Pause
}
$Results | Out-File -FilePath \\cenfiler\mis$\SecureBoot\$hostname.txt -Append

Other comments:

Get-CimInstance is generally preferred to Get-WmiObject.

I would suggest looking at the help for Get-CimInstance. That command can be run against a remote computer instead of using Invoke-Command. Something like this would be much cleaner:

Get-CimInstance -ComputerName $hostname -Namespace root\HP\InstrumentedBIOS -ClassName HP_BIOSEnumeration |
    Where-Object Name -EQ "Secure Boot" |
    Out-File -FilePath \\cenfiler\mis$\SecureBoot\$hostname.txt -Append

I don’t know if the syntax for all that is correct, but something like that should work.