问题
GitHub Actions self-hosted runners run under the nt authority\network service
account.
According to https://docs.microsoft.com/en-us/windows/win32/services/networkservice-account:
It has minimum privileges on the local computer and acts as the computer on the network.
I am trying to use a GitHub Actions self-hosted runner to deploy an app to my server. To do this I need to access schtasks.exe
which currently gives ERROR: Access is denied.
How can I give privileges to nt authority\network service
so that it is able to access schtasks.exe
?
回答1:
I found the easiest solution for my issue was to change the account the GitHub Actions service ran under.
I achieved this by using powershell "(Get-Service actions.runner.*).name"
to find the name of the GitHub Actions service.
And then running sc config "NAME_OF_YOUR_SERVICE" obj= "NT AUTHORITY\SYSTEM" type= own
to update it to run as the system.
EDIT:
As @Lex Li says
A CI agent (for Azure Pipelines or GitHub Actions) should run under a dedicated account (on Windows usually a service account from Active Directory), so that you can tune its permissions on various resources.
来源:https://stackoverflow.com/questions/61048334/how-to-add-privileges-to-the-nt-authority-network-service-account-for-github-act