I ran into a problem. I wrote a script that compresses PDF files through a program and transfers rights to the new file by copying them from the old one, to differentiate access to the new files.
Here is the part of the code where I have the problem:
$owner = $origFile.GetAccessControl().GetOwner([System.Security.Principal.SecurityIdentifier])
$newFile = Get-Item -Path $PathoutFile
$FileSecurity = new-object System.Security.AccessControl.FileSecurity
$FileSecurity.SetOwner($owner)
[System.IO.File]::SetAccessControl($newFile, $FileSecurity)
Get-Acl -Path $origFile | Set-Acl -Path $newFile
My problem is this:
When I execute the script using domain administrator privileges, everything works fine. If I use a domain user account and grant maximum rights to the directory, a compressed file is saved in it, and in this case I get the error “Attempt to perform an unauthorized operation.”
I do not want to run the script under the administrator account for a simple reason: I believe that such rights are redundant for performing this operation. I am learning and making mistakes, but I want to learn how to write good scripts and competently manage the access rules required for their work, so I ask you to help me figure out what I need to do so that the rights are assigned when using the script. I searched for information on Google on this issue but did not find comprehensive information. I found information that you can’t change the owner without administrator rights, but I don’t understand why I can’t transfer the rights to a new file in this case. Please help me in solving this problem.
Setting the owner from the old file to the new file is an optional task.
P.S. The actions are performed on a network share, and the user under which the script is running has full access. The network folder is located on Win Serv 2008 SP2 and the script is run on Windows 10 Pro.
Thanks in advance.
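
An added example, not part of the original post: one way to copy only the access rules (DACL) from the original file to the compressed one without writing the owner, on the assumption that the error comes from the owner part of the security descriptor, which both `SetOwner` and `Get-Acl | Set-Acl` try to write. The function name `Copy-FileDacl` and the sample paths are hypothetical, and the static `[System.IO.File]` ACL methods assume Windows PowerShell on .NET Framework, as in the post's own code.

```powershell
# Added example (not the poster's code): copy only the DACL between two files.
# Owner, group and audit rules of the destination are never written, so the
# caller needs "Change permissions" on the destination, not admin privileges.
function Copy-FileDacl {
    param(
        [Parameter(Mandatory = $true)] [string] $SourcePath,
        [Parameter(Mandatory = $true)] [string] $DestinationPath
    )

    # .NET static methods ignore the PowerShell location, so use full paths.
    $src = (Resolve-Path -LiteralPath $SourcePath).ProviderPath
    $dst = (Resolve-Path -LiteralPath $DestinationPath).ProviderPath

    $accessOnly = [System.Security.AccessControl.AccessControlSections]::Access

    # Read just the access rules of the source and serialise them as SDDL.
    $srcSecurity = [System.IO.File]::GetAccessControl($src, $accessOnly)
    $sddl = $srcSecurity.GetSecurityDescriptorSddlForm($accessOnly)

    # A fresh FileSecurity object only marks the sections that were set on it
    # as modified, so only the DACL is sent to the file server.
    $dstSecurity = New-Object System.Security.AccessControl.FileSecurity
    $dstSecurity.SetSecurityDescriptorSddlForm($sddl, $accessOnly)
    [System.IO.File]::SetAccessControl($dst, $dstSecurity)

    # Return the DACL now on the destination so the caller can log or compare it.
    [System.IO.File]::GetAccessControl($dst, $accessOnly).GetSecurityDescriptorSddlForm($accessOnly)
}

# Constructed sample call; the share and file names are placeholders.
# Copy-FileDacl -SourcePath '\\server\share\in\report.pdf' `
#               -DestinationPath '\\server\share\out\report.pdf'
```

The account running this needs the Change permissions right on the new file, which Full control includes; the owner of the new file is left as it was when the file was created.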