You are viewing limited content. For full access, please sign in.

Discussion

Discussion

Audit Trail Export via Powershell Failing: Access Denied

Audit Trail
Updated 5 hours ago
posted one day ago Show version history

We are trying to export the contents of an audit trail log (V11 and V12) using the Powershell script referenced in the documentation:

Laserfiche Audit Trail 11 Frequently Asked Questions (FAQ) - Knowledge Base

(Thanks Joshua)

The script has a parameter for a username or password, and will use the current Windows credentials if this parameter is not filled in.

The user account we are using is a local administrator and also the admin of the Laserfiche system, and can run all reports natively in the AT Reporter.  In spite of that, the script consistently throws an access denied error.  This does not seem to be Windows permissions. We have run Powershell as an Administrator and not, and that makes no difference.

 

What is interesting is that the error is a write error, which would imply that the problem is not in reading the report, but in writing the csv. We even created a file with the name of our output file, but that did not change the results.  Here is the error detail:

 

    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException

    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Export-AuditReport.ps1

 

And the PS Command we are using:

 

$password = "XYZ" | ConvertTo-SecureString -asPlainText -Force

.\Export-AuditReport.ps1 -BaseUrl "https://audit.example.com/AuditTrail" -Repository MyRepo -ReportId 3J29wOW6GEm_kLqOle1idg -ExportFile C:\temp\savedReport.csv -Username example.com\service-user -Password $Password

 

We went back to check the parameters a bunch of times, because it's often something stupid that gets you.  So, LF Folks, has anyone run this successfully?

0 0
replied 5 hours ago

Every time I've seen an Access Denied error while trying to invoke the Audit Trail report export script, it's been due to the ExportFile directory.

Read the instructions for that parameter closely. I've reproduced them here for reference:

  .PARAMETER ExportFile
  Target file, on the machine where Audit Trail is installed, to save the report. If the file already exists, it will be deleted first, then the new file will be saved with the same name.
  Supported file types are '.xlsx' (Excel) and '.csv' (TAB DELIMITED csv, not comma delimited). 
  If no file type is specified, e.g., "savedReport", '.xlsx' is used by default, unless the export has over 100k rows, in which case '.csv' is automatically used due to technical limitations generating large xlsx files.
  Explicitly using '.csv' is recommended for most use cases. E.g., "savedReport.csv". 

  By default, the export file is saved under '%ProgramData%\Laserfiche\AuditAnalytics\Export' on the server hosting Audit Trail Reporting. To change the export directory:
  1. Update the Audit Trail web.config file as detailed below
  2. Grant the "IIS AppPool\AuditTrailAppPool" local user access rights to the new export location.
  
  The export file is saved under the directory specified in the '<add key="ExportFolder" value="" />' setting in the '<appSettings>' section of the '.\Program Files\Laserfiche\Audit Trail\WebAuditReport\web.config' file. If no ExportFolder value is specified, the default ExportFolder directory is '%ProgramData%\Laserfiche\AuditAnalytics\Export'.
  If you want a different directory, please update the '<add key="ExportFolder" value="" />' setting in this 'web.config' file. It is a good practice to create a backup copy of the web.config file before making any changes.

  UNC paths to other servers or file shares are not supported. If you need the export file to end up at a remote location, either write a secondary script or make a copy of this script and extend it to copy/move the export file to the desired location once the export is complete (you can use the "ReturnValue" outputs to check for completion).

  This parameter takes a full path, e.g., "C:\AuditReportExports\savedReport.csv", which must be under the "ExportFolder" (including subdirectories). Audit Trail will attempt to create a specified subdirectory if it does not exist. For example, with the default ExportFolder (no value set in the web.config), this parameter value will create a subfolder named "2024-06-20" and save the export file as "savedReport.csv" within it:
  -ExportFile 'C:\ProgramData\Laserfiche\AuditAnalytics\Export\2024-06-20\savedReport.csv'

  If you specify a path that is not under the ExportFolder, you will receive an error message in PowerShell like:
  "'C:\\AuditReportExports\\savedReport.csv' is not a valid exporting path, please using a path
  under 'C:\\ProgramData\\Laserfiche\\AuditAnalytics\\Export', and the permission settings are correct. If you want another directory to export, please contact Administrator to change the settings of Audit Trail web site.

Assuming you have not modified the ExportFolder value in the \WebAuditReport\web.config file, start by trying with -ExportFile 'C:\ProgramData\Laserfiche\AuditAnalytics\Export\savedReport.csv'.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...