Forum Discussion

mattyHip's avatar
mattyHip
Copper Contributor
Dec 28, 2021

Trying to copy files from network share while running a remediation script in Intune

I need to copy a file from the network share to the C:\windows\temp folder, then install the software on the local machine using the proactive remediation script. All of our software installation files are on a netowrk drive. Any way to access network drive via remediation script?

  • Hi

    It depends on your setup ๐Ÿ™‚
    If the nas is accessible from the "system" account it could be possible. But I guess that is going to be the mayor issue here. So you have to add some credentials to th proactive remediations and thats not cool ๐Ÿ™‚ . You can remove them afterwards but.....

    So my first advice, check if you could access the share from a system account (psexec) Another option would be to run the proactive rem as the current user, so you could access the nas, but than you also should have the proper permissions to start installing the app ๐Ÿ™‚
    • mattyHip's avatar
      mattyHip
      Copper Contributor

      Rudy_Ooms_MVP Ok so using psexec -s -i powershell, I tried navigating to the network share \\sharename and access denied. What exactly do you mean by adding credentials to custom remediation script? Is there a way to run script in SYSTEM context BUT retrieve the .exe from the network share and place it in the temp folder using other specified credentials? 

       

      Could I use an invoke-command to run series of commands as specified user?

       

      $password = ConvertTo-SecureString "hello1" -AsPlainText -Force
      $Cred = New-Object System.Management.Automation.PSCredential ("myUsername", $password)
      
      $alternateUsers = [scriptblock]{
          Copy-Item -Path (Join-Path -Path "\\sh.com\util\software\FreshService\2.9 Agent" -ChildPath "fs-windows-agent-2.9.0.msi") `
          -Destination "$tempPath\fs-windows-agent-2.9.0.msi"
      }
      Invoke-Command -ScriptBlock $alternateUsers -Credential $Cred

       

      Can something like this work? And the script still stays in the SYSTEM context just not the script block, yea?

      • Hi,

        Need to check the script from my notebook to be sureโ€ฆ but as long as you supply the proper creds to access the share it would be okay.

        Another possibility would be to split it up? Run one pro active as the user to copy the files and one pro active remediation run as systemto install them?

Resources