Hey team,
We're testing out some new software deployment scripts in NS7 are we're having some trouble with permissions.
Basically, I've got a manged policy that executes a PowerShell script that lives on a UNC share in our domain.
If I run the policy with one of our domain accounts, it works no problem.
However, I would like the managed policy to run with the symantec management agent credentials (so we don't have to specify credentials for each policy).
This means that it's running as the Local System account.
The problem is, we get an error whenever the policy tries to run the script.
I can see in the event viewer on the client machine that when the policy runs, the domain\computer$ account launches PowerShell (as it should) but then fails. If I output the errors to a text file, i get the following:
The term '\\domain\smp\test.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Fair enough, this is PowerShell's way of saying that it doesn't have permission to access that share. This makes sense, as the local system account doesn't have access to the network by default.
So I go to the folder on that share, say \\DOMAIN\SMP\ and give the computer account I'm testing on (DOMAIN\COMPUTERNAME$) explicit access to it. It doesn't work.
OK, I give the Everyone group full access to the share. Still doesn't work.
Last resort, I give the Anonymous group full access to the share. Still doesn't work!
I've seen people in other departments do the exact same thing we are trying to do. I assume I'm just missing somethere here. Does anyone have any suggestions?
Any help would be very much appreciated!
Cheers
Rhys