cNtfsAccessControl
cNtfsAccessControl copied to clipboard
dsccommunity
Setting NTFS perms on new drive/directory fails the first time
Hi all,
OS: Windows Server 2016
I am trying to set perms on a directory that I create after formatting a new drive and always I get the following output which causes the DSC to fail. if I run it again it seems to complete ok and that is the end of the matter until the server is rebuilt:
ConfigurationName : MyDSC DependsOn : {[File]Server Folder} ModuleName : cNtfsAccessControl ModuleVersion : 1.0.7.0 PsDscRunAsCredential : ResourceId : [cNtfsPermissionEntry]SetServerNTFSPermissions SourceInfo : ::205::5::cNtfsPermissionEntry DurationInSeconds : 1.109 Error : { "Exception": { "Message": "The PowerShell DSC resource \u0027[cNtfsPermissionEntry]SetServerNTFSPermissions\u0027 with SourceInfo \u0027::205::5::cNtfsPermissionEntry\u0027 threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.", "Data": {
},
"InnerException": null,
"TargetSite": null,
"StackTrace": null,
"HelpLink": null,
"Source": null,
"HResult": -2146233079
},
"TargetObject": null,
"CategoryInfo": {
"Category": 7,
"Activity": "",
"Reason": "InvalidOperationException",
"TargetName": "",
"TargetType": ""
},
"FullyQualifiedErrorId": "NonTerminatingErrorFromProvider",
"ErrorDetails": null,
"InvocationInfo": null,
"ScriptStackTrace": null,
"PipelineIterationInfo": [
]
}
FinalState : InDesiredState : False InitialState : InstanceName : SetServerNTFSPermissions RebootRequested : False ResourceName : cNtfsPermissionEntry StartDate : 6/29/2018 1:01:26 PM PSComputerName :
Here is the relevant DSC:
[PSCredential]$serviceaccount = Get-AutomationPSCredential -Name $Node.ServiceAccountName
$installLocation = "E:\Server"
xDisk "FormatServerDrive" {
DiskNumber = 2
DriveLetter = 'E'
FSLabel = 'Server'
}
File "Server Folder" {
Ensure = "Present"
DestinationPath = $installLocation
Type = "Directory"
DependsOn = "[xDisk]FormatServerDrive"
}
cNtfsPermissionEntry SetServerNTFSPermissions {
Ensure = "Present"
Path = $installLocation
Principal = $serviceaccount.UserName
AccessControlInformation = @(
cNtfsAccessControlInformation {
AccessControlType = "Allow"
FileSystemRights = "FullControl"
Inheritance = "ThisFolderSubfoldersAndFiles"
NoPropagateInherit = $false
}
)
DependsOn = "[File] Server Folder"
}
Any suggestions? Thanks. Andrew.
Hello @adhodgson1, Can you please try to reproduce this problem using the latest version of the module? cNtfsAccessControl 1.3.1
Sorry I was using 1.3.0 of the resource but our CI process seems to reversion the module. Now using 1.3.1 and still getting the error. Ran a verbose output and got the following which is strange since the folder in the prior step was created:
VERBOSE: [SERVERNAME]: LCM: [ Start Resource ] [[cNtfsPermissionEntry]SetServerNTFSPermissions] VERBOSE: [SERVERNAME]: LCM: [ Start Test ] [[cNtfsPermissionEntry]SetServerNTFSPermissions] VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Ensure : 'Present' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Path : 'E:\Server' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Principal : 'DOMAIN\svc_ServiceAccount' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] AccessControlInformation : 'cNtfsAccessControlInformation' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Verbose : 'True' Cannot find drive. A drive with the name 'E' does not exist. + CategoryInfo : ObjectNotFound: (E:) [], CimException + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetAclCommand + PSComputerName : localhost
VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Resolving identity reference 'DOMAIN\svc_ServiceAccount'. The property 'Access' cannot be found on this object. Verify that the property exists. + CategoryInfo : NotSpecified: (:) [], CimException + FullyQualifiedErrorId : PropertyNotFoundStrict + PSComputerName : localhost
VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Current permission entry count : 0 VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Desired permission entry count : 1 VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] The number of current permission entries is different from the number of desired permission entries. VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] Permission entry was not found (1 of 1) : VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] > IdentityReference : 'DOMAIN\svc_ServiceAccount' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] > AccessControlType : 'Allow' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] > FileSystemRights : 'FullControl' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] > InheritanceFlags : 'None' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] > PropagationFlags : 'None' VERBOSE: [SERVERNAME]: [[cNtfsPermissionEntry]SetServerNTFSPermissions] The target resource is not in the desired state. VERBOSE: [SERVERNAME]: LCM: [ End Test ] [[cNtfsPermissionEntry]SetServerNTFSPermissions] in 0.9220 seconds. The PowerShell DSC resource '[cNtfsPermissionEntry]SetServerNTFSPermissions' with SourceInfo '::522::5::cNtfsPermissionEntry' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. + CategoryInfo : InvalidOperation: (:) [], CimException + FullyQualifiedErrorId : NonTerminatingErrorFromProvider + PSComputerName : localhost
It's the same problem as in #3. Please try adding a dependency on the following custom script to see if it fixes the problem:
Script RefreshFileSystem
{
GetScript = {$false}
TestScript = {$false}
SetScript = {Get-PSDrive -PSProvider FileSystem}
}