KBEC-00511 - How to run tasks with administrator permission on Windows agents

Issue

When running commands that require administrator permission on Microsoft Windows based agents, even when executed with an administrator account, the system is failing with error message

Access is denied.

In the Windows terminal you can run these commands with the option “Run as administrator”, but CloudBees CD doesn´t allow this option for Windows commands.

Environment

Workaround

In the Windows Agent:

Configure the terminal to be executed always with administrator permission (you will not need to “run as administrator” to perform administrator tasks, this could reduce the overall security of the system)

  • Configure the CloudBees CD Agent to be executed with a non-admin account.
  • run the tool secpol.msc
  • Go to Security Settings - Local Policies - Security Options
  • Search for the directive User Account Control: Run all administrators in Admin Approval Mode and set it as Disabled.
  • Additional information about this parameter in the Microsoft Documentation
  • Restart the Agent.
  • Run the CloudBees CD Procedure on this agent impersonating an admin user.

In the procedure that runs the admin command

You will need to create a credential with the Windows admin user and password, and impersonate the step you are running to be executed with this admin user, additional information can be found in Credentials and user impersonation

Have more questions?

0 Comments

Please sign in to leave a comment.