Issue
When running commands that require administrator permission on Microsoft Windows based agents, even when executed with an administrator account, the system is failing with error message
Access is denied.
In the Windows terminal you can run these commands with the option "Run as administrator", but CloudBees CD doesn´t allow this option for Windows commands.
Environment
-
CloudBees CD (CloudBees Flow) agents running on Windows systems.
Workaround
In the Windows Agent:
Configure the terminal to be executed always with administrator permission (you will not need to "run as administrator" to perform administrator tasks, this could reduce the overall security of the system)
-
Configure the CloudBees CD Agent to be executed with a non-admin account.
-
run the tool
secpol.msc -
Go to
Security Settings - Local Policies - Security Options -
Search for the directive
User Account Control: Run all administrators in Admin Approval Modeand set it as Disabled. -
Additional information about this parameter in the Microsoft Documentation
-
Restart the Agent.
-
Run the CloudBees CD Procedure on this agent impersonating an admin user.
In the procedure that runs the admin command
You will need to create a credential with the Windows admin user and password, and impersonate the step you are running to be executed with this admin user, additional information can be found in Credentials and user impersonation