Powershell script as specific user

Question

I'm having issues calling a Powershell script as a specified user and hoping someone has input on how to troubleshoot.

I have a functioning script that moves files to a network location called "Move_files.ps1". This runs without issue when manually run from the PS console (I gather it's using the credentials I'm logged in as).

In production Move_Files.ps1 will be called using a Oracle APEX (web) front end & windows command line. As a result the powershell script is run as 'System' and the user is 'anonymous', not valid credentials.

What I have so far is a powershell script called "RUN.ps1" that is supposed to call the "Move_files.ps1" scripts using specific credentials (that has the necessary write permissions). The following was adopted from here.

$ScriptPath = split-path -parent $MyInvocation.MyCommand.Definition
$User = "domain\username"
$secpass = ConvertTo-secureString "password" -asPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($User,$secpass)
#Call script which Moves CSV to share
start-process powershell.exe -ArgumentList "$ScriptPath\Move_files.ps1" -Credential $cred     

From the PS console the above code (RUN.ps1) is sucessfully called and runs the Move_files.ps1 but when run from the APEX executed CMD command the RUN.ps1 runs but fails to start Move_files.ps1.

I log all PS1 files opened so can see when files are opened. Start-transcript is not giving any usable output. Any further troubleshooting steps or input is greatly appreciated.

Thanks for taking the time to help out on this!

---

Update 1. As the PS1 scripts are being kicked off from command prompt the Transcript Start didnt output any resulet. The log file actually had to be generated from APEX & command prompt (details below the output):

Transcript started, output file is c:\Powershell\transcript0.txt
Start-Process : This command cannot be executed due to the error: Access is denied.
At C:\PowerShell\RUN.ps1:22 char:15 + start-process <<<<  powershell.exe -Credential $cred -file "& $ScriptPath\Move_files.ps1" + CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

I imagine that this "Access error" is due to calling powershell from command prompt because the credientials used have admin access to the folder. Next step I guess is getting the Local Environment Variables using the line

Get-ChildItem Env:  

A quick how to for anyone repeating these steps:
APEX code calling the Powershell script

BEGIN    SYS.DBMS_SCHEDULER.CREATE_JOB(         
job_name => 'PS_scripts' ,        
job_type => 'EXECUTABLE',        
job_action => 'C:\WINDOWS\system32\cmd.exe',                     
job_class => 'DEFAULT_JOB_CLASS',        
comments => 'Job to test call out to batch script on Windows',        
auto_drop => FALSE,        
number_of_arguments => 2,        
enabled => FALSE);     
--SYS.DBMS_SCHEDULER.SET_JOB_ARGUMENT_VALUE( --this function is commented out      
--job_name => 'PS_scripts' ,                 --reason is /q turns echo off
--argument_position => 1,                    --& we need eccho to get the log!
--argument_value => '/q');     
SYS.DBMS_SCHEDULER.SET_JOB_ARGUMENT_VALUE(         
job_name => 'PS_scripts' , 
argument_position => 1, argument_value => '/c');     
SYS.DBMS_SCHEDULER.SET_JOB_ARGUMENT_VALUE(         
job_name => 'PS_scripts' , 
argument_position => 2, 
argument_value => 'powershell "& C:\PowerShell\RUN.ps1" > "C:\Powershell\log.txt"'); --pipe the output here     
SYS.DBMS_SCHEDULER.ENABLE( 'PS_scripts' ); 
END;

Answer 1

A shorter solution by mapping a network drive and pre-caching credentials.

Found here

My working code (Move_files.ps1)

$ScriptPath = split-path -parent $MyInvocation.MyCommand.Definition

$Destination = ""\\domain.lan\shared\New_Location"
$username = "username"
$password = "password"

net use $Destination $password /USER:$username

Get-ChildItem -Path "$ScriptPath\Old_Location\*.csv"  | Foreach-Object  { copy-item -Path $_.fullname -Destination $Destination }

#delete the share 
net use $Destination /delete 

Answer 2

I came across a function that solves the issue.

The Powershell Background Intelligent Transfer Service (BITS) has a -Credential field and so can transfer files using credentials from an account other then SYSTEM.

I came across the solution here

My Move_Files.ps1 code now looks like this:

$ScriptPath = split-path -parent $MyInvocation.MyCommand.Definition

Function Get-PSCredential($User,$Password)
{
$SecPass = convertto-securestring -asplaintext -string $Password -force
$Creds = new-object System.Management.Automation.PSCredential -argumentlist $User,$SecPass
Return $Creds
}

Import-Module BitsTransfer
$Destination = "\\domain.lan\shared\New_Location"
$credential = Get-PSCredential -User username -Password password

Get-ChildItem -Path "$ScriptPath\Old_Location\*.csv"  | Foreach-Object  {Start-BitsTransfer -source $_.fullname -destination $Destination -credential $credential}

Move_Files.ps1 can now easily be called from RUN.ps1:

start-process Powershell.exe -noprofile -executionpolicy Bypass -file C:\Move_files.ps1