How to add privileges to the nt authority\network service account for GitHub Actions?

不羁岁月 提交于 2020-04-18 06:14:32

问题


GitHub Actions self-hosted runners run under the nt authority\network service account.

According to https://docs.microsoft.com/en-us/windows/win32/services/networkservice-account:

It has minimum privileges on the local computer and acts as the computer on the network.

I am trying to use a GitHub Actions self-hosted runner to deploy an app to my server. To do this I need to access schtasks.exe which currently gives ERROR: Access is denied.

How can I give privileges to nt authority\network service so that it is able to access schtasks.exe?


回答1:


I found the easiest solution for my issue was to change the account the GitHub Actions service ran under.

I achieved this by using powershell "(Get-Service actions.runner.*).name"to find the name of the GitHub Actions service.

And then running sc config "NAME_OF_YOUR_SERVICE" obj= "NT AUTHORITY\SYSTEM" type= own to update it to run as the system.

EDIT:

As @Lex Li says

A CI agent (for Azure Pipelines or GitHub Actions) should run under a dedicated account (on Windows usually a service account from Active Directory), so that you can tune its permissions on various resources.



来源:https://stackoverflow.com/questions/61048334/how-to-add-privileges-to-the-nt-authority-network-service-account-for-github-act

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!