Jacob Wrenn

Reputation: 548

How to add privileges to the nt authority\network service account for GitHub Actions?

GitHub Actions self-hosted runners run under the nt authority\network service account.

According to https://learn.microsoft.com/en-us/windows/win32/services/networkservice-account:

It has minimum privileges on the local computer and acts as the computer on the network.

I am trying to use a GitHub Actions self-hosted runner to deploy an app to my server. To do this I need to access schtasks.exe which currently gives ERROR: Access is denied.

How can I give privileges to nt authority\network service so that it is able to access schtasks.exe?

Upvotes: 5

Views: 2669

Answers (1)

Jacob Wrenn

Reputation: 548

I found the easiest solution for my issue was to change the account the GitHub Actions service ran under.

I achieved this by using powershell "(Get-Service actions.runner.*).name" to find the name of the GitHub Actions service.

And then running sc config "NAME_OF_YOUR_SERVICE" obj= "NT AUTHORITY\SYSTEM" type= own to update it to run as the system.

EDIT:

As @Lex Li says:

A CI agent (for Azure Pipelines or GitHub Actions) should run under a dedicated account (on Windows usually a service account from Active Directory), so that you can tune its permissions on various resources.

Upvotes: 2
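The dedicated-account setup recommended in the answer's edit can be scripted as below; this is an added example, not part of the original post. The account name `svc-gh-runner` and the directory `C:\deploy\myapp` are assumptions, and the script is meant for an elevated PowerShell session on the runner host.

```powershell
# Added example. Run from an elevated PowerShell session on the runner host.
$userName  = 'svc-gh-runner'        # assumed name for the dedicated local account
$deployDir = 'C:\deploy\myapp'      # assumed directory the workflow deploys into

# 1. Audit: show the identity each runner service currently runs as.
$runners = @(Get-CimInstance Win32_Service -Filter "Name LIKE 'actions.runner.%'")
if ($runners.Count -eq 0) { throw 'No actions.runner.* service found on this host.' }
$runners | Select-Object Name, StartName, State | Format-Table -AutoSize

# LocalSystem is the StartName that Windows reports for NT AUTHORITY\SYSTEM.
$runners | Where-Object { $_.StartName -eq 'LocalSystem' } | ForEach-Object {
    Write-Warning "$($_.Name) runs as SYSTEM: every workflow job gets full control of this host."
}

# 2. Create the dedicated account if it does not exist yet.
$password = Read-Host -AsSecureString "Password for $userName"
if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $userName -Password $password -PasswordNeverExpires `
        -Description 'GitHub Actions runner service account' | Out-Null
}

# 3. Point each runner service at the account, then restart it.
#    The account must also hold the "Log on as a service" right
#    (SeServiceLogonRight); this script does not grant it.
$plain = [System.Net.NetworkCredential]::new('', $password).Password
foreach ($svc in $runners) {
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change `
        -Arguments @{ StartName = ".\$userName"; StartPassword = $plain }
    if ($result.ReturnValue -ne 0) {
        throw "Change failed for $($svc.Name) (Win32_Service return code $($result.ReturnValue))"
    }
    Restart-Service -Name $svc.Name
}

# 4. Grant only what the deployment needs: modify rights on the deploy directory.
icacls $deployDir /grant "$env:COMPUTERNAME\${userName}:(OI)(CI)M"
```

The account also needs read/write access to the runner's own installation folder. Any further rights the deployment requires are added one at a time in the same way.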
