I am trying to script H drive creatation for new user builds via MS Orchstrator. I have a script that I put together that does add the appropriate permissions to the folder but only if I run the script as a domain admin. When I try to run the script as the orchestrator service account I get the below error message.
set-acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At line:11 char:1
The service account does have access to the home drive share as I can do all of these steps manually. The main difference between the service account and my domain admin account is the Domain admin account has full control while the service account has "special" permissions and then given full control there. Can someone point me in the right direction as to my mistake? set-acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation. At line:11 char:1
$acl= get-acl "\\share\users\userid"
$DirectoryOwner = New-Object System.Security.Principal.NTAccount("userid")
$Nuser = "userid","FullControl","ContainerInherit,ObjectInherit","none","allow"
$ar = New-Object System.Security.Accesscontrol.FileSystemAccessRule $nuser
$acl.SetAccessRule($ar)
$acl.SetOwner($DirectoryOwner)
$acl.SetAccessRuleProtection($true,$true)
set-acl "\\Share\users\userid" $acl