What permissions are required on a CIFS share to install the Windows Agent using the Powershell script and Director pointing to the share holding the agent installer?
Hello and thank you for your message.
As far as I can tell, there are no special permissions required for the CIFS Share to allow PowerShell to access it.
The only issue I’m currently aware of, is that the PowerShell requires to run as admin. For this you will have to ensure, that the admin account is having the same share mounted - otherwise the session will not find it and prompt an error for an inaccessable device / volume.
The easiest way to make this possible, is by enabling linked sessions. Once activated, mount shares from users are passed through to the admin account once an elevated shell / application has been opened.
This has to be enabled over the registry and the hosts restarted.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001
Just save this content into a file, like
linkedconnections.reg
and execute it.
You can also run PowerShell as Admin to create this entry for you:
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLinkedConnections -Value 1;
Once the host has been restarted afterwards, this should work without problems.
Best regards
1 Like
I have it working fine from 1 share… but I moved it to another and it fails.
I tried mimicing the permissions and it still failed. Moving it back to the original share works fine.
The script already runs with admin priv.
I’m trying to understand what/who is actually accessing the share when the powershell script runs… is it the computer account of the system you are installing the agent on? Is it the account you are going to run the service as? Is it the account that is running the Powershell script (most likely)?
The user who is actually running the PowerShell instance is requiring the access to the share. Which is always the Administrator account, as you will require to run PowerShell within an elevated shell - unless you disabled UAC.
Then a regular admin user can execute the script without requiring to open an elevated shell.