copy-item With Alternate Credentials

I have encountered this recently, and in the most recent versions of Powershell there is a new [BitsTransfer Module][1], which allows file transfers using [BITS][2], and supports the use of the -Credential parameter.

The following sample shows how to use the BitsTransfer module to copy a file from a network share to a local machine, using a specified PSCredential object.

Import-Module bitstransfer
$cred = Get-Credential
$sourcePath = \\server\example\file.txt
$destPath = C:\Local\Destination\
Start-BitsTransfer -Source $sourcePath -Destination $destPath -Credential $cred


Another way to handle this is using the standard "net use" command. This command, however, does not support a "securestring" password, so after obtaining the credential object, you have to get a decrypted version of the password to pass to the "net use" command.

$cred = Get-Credential
$networkCred = $cred.GetNetworkCredential()
net use \\server\example\ $networkCred.Password /USER:$networkCred.UserName
Copy-Item \\server\example\file.txt C:\Local\Destination\

[1]:

[To see links please register here]

[2]:

[To see links please register here]

PowerShell 3.0 now supports for credentials on the FileSystem provider. To use alternate credentials, simply use the Credential parameter on the New-PSDrive cmdlet

PS > New-PSDrive -Name J -PSProvider FileSystem -Root \\server001\sharename -Credential mydomain\travisj -Persist

After this command you can now access the newly created drive and do other operations including copy or move files like normal drive. here is the full solution:

$Source = "C:\Downloads\myfile.txt"
$Dest = "\\10.149.12.162\c$\skumar"
$Username = "administrator"
$Password = ConvertTo-SecureString "Complex_Passw0rd" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential($Username, $Password)

New-PSDrive -Name J -PSProvider FileSystem -Root $Dest -Credential $mycreds -Persist
Copy-Item -Path $Source -Destination "J:\myfile.txt"

Here's my script that runs as LocalSystem on a machine, but needs credentials of a domaim user to access a network file location. It allows you to store the user's password in a "safe-ish" encrypted file; that can only be read by the user that wrote it.

Setting and changing the password is done by copying a file with the plaintext password in it to the machine. When the script is next run it reads the password, encrypts it, then deletes the plaintext password.

$plaintext_password_file = 'C:\plaintext.txt' # Stores the password in plain text - only used once, then deleted
$encryted_password_file = 'C:\copy_pass.txt' # Stores the password in "safe" encrypted form - used for subsequent runs of the script
# - can only be decrypted by the windows user that wrote it
$file_copy_user = 'OURDOMAIN\A_User'

# Check to see if there is a new plaintext password
if (Test-Path $plaintext_password_file)
{
# Read in plaintext password, convert to a secure-string, convert to an encrypted-string, and write out, for use later
get-content $plaintext_password_file | convertto-securestring -asplaintext -force | convertfrom-securestring | out-file $encryted_password_file
# Now we have encrypted password, remove plain text for safety
Remove-Item $plaintext_password_file
}


# Read in the encrypted password, convert to a secure-string
$pass = get-content $encryted_password_file | convertto-securestring

# create a credential object for the other user, using username and password stored in secure-string
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $file_copy_user,$pass

# Connect to network file location as the other user and map to drive J:
New-PSDrive -Name J -PSProvider FileSystem -Root "\\network\file_directory" -Credential $credentials

# Copy the file to J:
Copy-Item -Force -Verbose -Path "C:\a_file.txt" -Destination "J:\"

_As an extra refinement: The username could also be encrypted as well, rather than hardcoded._

The newer verion of PowerShell handles this and the MS Documentation has a great example [of copying a file with different credentials here][1]

```
$Session = New-PSSession -ComputerName "Server02" -Credential "Contoso\User01"
Copy-Item "D:\Folder002\" -Destination "C:\Folder002_Copy\" -ToSession $Session
```


[1]:

[To see links please register here]