When attempting to download files using PowerShell's Invoke-WebRequest cmdlet with the -OutFile $env:TEMP parameter, many administrators encounter the frustrating UnauthorizedAccessException. This occurs despite running PowerShell as Administrator, suggesting deeper permission issues.

The root cause stems from how Windows handles the TEMP environment variable. $env:TEMP typically points to a folder path, but when used as-is in -OutFile, PowerShell interprets it as attempting to create a file literally named "TEMP" in the root directory.

Try this diagnostic command:

Write-Host "Your TEMP path is: $env:TEMP"
# Typical output: C:\Users\Username\AppData\Local\Temp

The correct approach requires combining the TEMP path with a filename:

Invoke-WebRequest http://speedtest.newark.linode.com/100MB-newark.bin -OutFile "$env:TEMP\testfile.bin"

Alternatively, for dynamic filenames:

$filename = [System.IO.Path]::GetFileName("http://speedtest.newark.linode.com/100MB-newark.bin")
Invoke-WebRequest http://speedtest.newark.linode.com/100MB-newark.bin -OutFile "$env:TEMP\$filename"

If you still encounter permission issues, verify these aspects:

• The TEMP directory exists: Test-Path $env:TEMP
• Your account has write permissions: Get-Acl $env:TEMP | Format-List
• No file locks exist: handle.exe $env:TEMP (requires Sysinternals)

For more robust downloads, consider these approaches:

# Using .NET WebClient
(New-Object System.Net.WebClient).DownloadFile(
    'http://speedtest.newark.linode.com/100MB-newark.bin',
    "$env:TEMP\linode_test.bin"
)

# Using Start-BitsTransfer (Windows 8+)
Start-BitsTransfer -Source http://speedtest.newark.linode.com/100MB-newark.bin -Destination "$env:TEMP"

Corporate environments may require proxy configuration:

$proxy = New-Object System.Net.WebProxy("http://proxyserver:port",$true)
$webclient = New-Object System.Net.WebClient
$webclient.Proxy = $proxy
$webclient.DownloadFile("http://speedtest.newark.linode.com/100MB-newark.bin","$env:TEMP\test.bin")

When attempting to download files using PowerShell's Invoke-WebRequest cmdlet with the -OutFile parameter, many administrators encounter the frustrating UnauthorizedAccessException. This typically occurs even when running PowerShell as Administrator across various Windows versions (Server 2008/2012, Windows 8.1+).

The error stems from three common scenarios:

# Scenario 1: Directory instead of file path
Invoke-WebRequest http://example.com/file.bin -OutFile $env:TEMP

# Scenario 2: Insufficient permissions on target folder
Invoke-WebRequest http://example.com/file.bin -OutFile C:\\Windows\\Temp\\

# Scenario 3: Anti-virus interference

Solution 1: Specify complete file path

# Correct implementation:
$tempFile = Join-Path $env:TEMP "download.bin"
Invoke-WebRequest http://speedtest.newark.linode.com/100MB-newark.bin -OutFile $tempFile

Solution 2: Bypass execution policy temporarily

powershell.exe -ExecutionPolicy Bypass -Command "Invoke-WebRequest http://speedtest.newark.linode.com/100MB-newark.bin -OutFile C:\\temp\\testfile.bin"

For persistent issues, try these diagnostic steps:

# Check effective permissions:
$path = $env:TEMP
Get-Acl $path | Format-List

# Test folder writability:
try {
    [System.IO.File]::WriteAllText("$env:TEMP\\test.txt", "test")
    Remove-Item "$env:TEMP\\test.txt" -Force
    Write-Host "Folder is writable" -ForegroundColor Green
} catch {
    Write-Host "Write failed: $_" -ForegroundColor Red
}

When Invoke-WebRequest proves problematic, consider these alternatives:

# Using WebClient
(New-Object System.Net.WebClient).DownloadFile(
    'http://speedtest.newark.linode.com/100MB-newark.bin',
    "$env:TEMP\\linode_test.bin"
)

# Using Start-BitsTransfer (Windows 7+)
Start-BitsTransfer -Source http://speedtest.newark.linode.com/100MB-newark.bin -Destination "$env:TEMP"

In locked-down corporate environments, you might need to:

• Add PowerShell.exe to antivirus exclusions
• Request temporary write permissions to %TEMP%
• Use alternate download locations like user profile folders