https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Using-WFA-to-determine-and-set-cluster-CIFS-share-NTFS-permissions-via-remote/m-p/110364#M19476 <P>Hi all,</P> <P>&nbsp;</P> <P>Slowly getting to grips with WFA, so please forgive me if I'm missing something fundamental but I've spent some considerable time trying to get a WFA command to remotely set NTFS permissions on a cluster hosted share.&nbsp; The latest version of my code (also hosted on the windows wfa server)&nbsp;&nbsp;is here:</P> <P>&nbsp;</P> <P>$Cluster = "clust1"<BR />Connect-WfaCluster -node $Cluster -vserver "vsm1"</P> <P>$secpasswd = convertto-securestring "password" -asplaintext -force<BR />$mycreds = new-object system.management.automation.pscredential ("domain\user", $secpasswd)</P> <P>$s = new-pssession -computername wfa1 -credential $mycreds<BR />enter-pssession $s<BR />invoke-command -session $s -scriptblock {c:\erunas\mod2.ps1}</P> <P>remove-pssession $s</P> <P>&nbsp;</P> <P>within the mod2.ps1 i am simply trying to perform a couple of tests and initially retrieve the current permissions using get-acl:</P> <P>&nbsp;</P> <P>set-executionpolicy -executionpolicy bypass -scope currentuser</P> <P>whoami &gt; c:\erunas\who.txt<BR />test-connection -computername wfa1 &gt; c:\erunas\wfa1.txt<BR />$a = get-acl "\\vsm1\AMDEV_App"<BR />$a &gt; c:\erunas\amdev.txt</P> <P>&nbsp;</P> <P>"whoami" returns the&nbsp;parsed account from the new-pssession, and is an account with full rights to the share</P> <P>"test-connection" confirms communication from wfa (web gui)&nbsp;to effectively itself (i.e. where the script is)</P> <P>Although receive Access Denied when attempting to capture and save get-acl results</P> <P>&nbsp;</P> <P>If I run the get-acl command independant of wfa, using the same account, in a "standard" powershell session it works fine.&nbsp;</P> <P>&nbsp;</P> <P>My thinking was that I need to use an alternate account otherwise "NT Authority \ System" account is used and is insufficient.</P> <P>&nbsp;</P> <P>Any feedback very much appreciated.</P> Wed, 04 Jun 2025 23:09:40 GMT negusa 2025-06-04T23:09:40Z https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Using-WFA-to-determine-and-set-cluster-CIFS-share-NTFS-permissions-via-remote/m-p/110364#M19476 <P>Hi all,</P> <P>&nbsp;</P> <P>Slowly getting to grips with WFA, so please forgive me if I'm missing something fundamental but I've spent some considerable time trying to get a WFA command to remotely set NTFS permissions on a cluster hosted share.&nbsp; The latest version of my code (also hosted on the windows wfa server)&nbsp;&nbsp;is here:</P> <P>&nbsp;</P> <P>$Cluster = "clust1"<BR />Connect-WfaCluster -node $Cluster -vserver "vsm1"</P> <P>$secpasswd = convertto-securestring "password" -asplaintext -force<BR />$mycreds = new-object system.management.automation.pscredential ("domain\user", $secpasswd)</P> <P>$s = new-pssession -computername wfa1 -credential $mycreds<BR />enter-pssession $s<BR />invoke-command -session $s -scriptblock {c:\erunas\mod2.ps1}</P> <P>remove-pssession $s</P> <P>&nbsp;</P> <P>within the mod2.ps1 i am simply trying to perform a couple of tests and initially retrieve the current permissions using get-acl:</P> <P>&nbsp;</P> <P>set-executionpolicy -executionpolicy bypass -scope currentuser</P> <P>whoami &gt; c:\erunas\who.txt<BR />test-connection -computername wfa1 &gt; c:\erunas\wfa1.txt<BR />$a = get-acl "\\vsm1\AMDEV_App"<BR />$a &gt; c:\erunas\amdev.txt</P> <P>&nbsp;</P> <P>"whoami" returns the&nbsp;parsed account from the new-pssession, and is an account with full rights to the share</P> <P>"test-connection" confirms communication from wfa (web gui)&nbsp;to effectively itself (i.e. where the script is)</P> <P>Although receive Access Denied when attempting to capture and save get-acl results</P> <P>&nbsp;</P> <P>If I run the get-acl command independant of wfa, using the same account, in a "standard" powershell session it works fine.&nbsp;</P> <P>&nbsp;</P> <P>My thinking was that I need to use an alternate account otherwise "NT Authority \ System" account is used and is insufficient.</P> <P>&nbsp;</P> <P>Any feedback very much appreciated.</P> Wed, 04 Jun 2025 23:09:40 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Using-WFA-to-determine-and-set-cluster-CIFS-share-NTFS-permissions-via-remote/m-p/110364#M19476 negusa 2025-06-04T23:09:40Z https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Using-WFA-to-determine-and-set-cluster-CIFS-share-NTFS-permissions-via-remote/m-p/110547#M19497 <P>Yes, my guess is that you are running the WFA services as your local account. Change that to be a domain account that has the privileges to that share. WFA runs all of its scripts via that user. &nbsp;The services are 'Netapp WFA Server' and 'Netapp WFA Database' honestly, you may be able to get away with only change the 'Netapp WFA Server'.&nbsp;</P><P>&nbsp;</P><P>And welcome to the community!</P> Fri, 02 Oct 2015 13:20:06 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Using-WFA-to-determine-and-set-cluster-CIFS-share-NTFS-permissions-via-remote/m-p/110547#M19497 coreywanless 2015-10-02T13:20:06Z