Can't change DSC LCM credential

Question

When attempting to access a network shared folder, DSC returns an "Access is denied" error, despite that I have provided a valid credential to it.

I'm using a DSC configuration, where a DSC "Script" resource is as follows:

Script myScriptResource {
        GetScript = {return $true}
        SetScript = {
            $setupShare = '\\SomeNetworkSharesFolder\subFolder'
            # This line produces valid results when run directly on node VM.
            $build = Get-ChildItem "FileSystem::$setupShare" -Name | Sort-Object -Descending | Select-Object -First 1 | Out-String
            Write-Host "Final Build: $build"
        }
        TestScript = {return $false} #Always run Set-Script block!
        Credential = $ValidNetworkShareCredential
        PsDscRunAsCredential = $ValidNetworkShareCredential
    }

I receive an error:

VERBOSE: [MyNodeVM]:                            [[Script]myScriptResource] Performing the operation "Set-TargetResource" on target "Executing t
he SetScript with the user supplied credential".
Access is denied
    + CategoryInfo          : PermissionDenied: (\\SomeNetworkSharesFolder\subFolder:) [], CimException
    + FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand
    + PSComputerName        : myNodeVM

This might be due to the fact the LCM on the node VM is using a local SYSTEM user credential by default.

I attempted to change the user credential manually by navigating to the windows services manager (Hint: RUN then services.msc), and change the user credential in the logon tab of winRM service properties. Everytime I attempt to run the Windows Remote Management (WS-Managment) service, I receive and error:

Windows could not start the Windows Remote Management (WS-Management) service on Local Computer. Error 1079: The account specified for this service is different from the account specified for other services running in the same process.

I don't know how to change the credential of LCM so that it can access the network shared folder upon the execution of Get-ChildItem.

Answer 1

Script myScriptResource {
    GetScript = {return $true}
    SetScript = {
        $username ="someusername"
        $secpasswd = ConvertTo-SecureString “somepassword” -AsPlainText -Force
        $mycreds = New-Object System.Management.Automation.PSCredential ($username, $secpasswd)
        $setupShare = '\\SomeNetworkSharesFolder\subFolder'
        $psDriveArgs = @{ Name = ([guid]::NewGuid()); PSProvider = "FileSystem"; Root = $setupShare; Scope = "Private"; Credential = $mycreds }
        new-psdrive @psDriveArgs -ErrorAction Stop
        # This line produces valid results when run directly on node VM.
        $build = Get-ChildItem "FileSystem::$setupShare"  | Sort-Object -Descending | Select-Object -First 1 | Out-String
        Write-Host "Final Build: $build"
    }
    TestScript = {return $false} #Always run Set-Script block!
}

Answer 2

There isn't an easy way to make it work with script resource because you need an ability to pass credentials to the script resource so that you can mount a drive and use it to copy/paste. If you want to copy files/directory from the share you can use 'File' resource. If you want to copy files/directory to the share you can use 'xFileUpload' resource from xPsDesiredStateConfiguration (https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio-417dc71d) Module. If you really need to use script resource to do this job, look into how xFileUpload resource is doing it.