我们创建了一个 Azure 虚拟机规模集代理池,并在代理池中启动了管道。由于任务未在 VMSS 实例上的管理模式(CMD、PowerShell 和 Final builder)下运行,我们在作业中遇到了“访问被拒绝”问题。我们需要在代理池中以管理模式运行这些任务。 我们也无法使用虚拟机中的管理员权限运行控制台应用程序。
请提供解决此问题的任何建议。
VMSS 代理池:管道:访问被拒绝问题:
Function Check-RunAsAdministrator()
{
#Get current user context
$CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
#Check user is running the script is member of Administrator Group
if($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator))
{
Write-host "Script is running with Administrator privileges!"
}
else
{
#Create a new Elevated process to Start PowerShell
$ElevatedProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell";
# Specify the current script path and name as a parameter
$ElevatedProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'"
#Set the Process to elevated
$ElevatedProcess.Verb = "runas"
#Start the new elevated process
$process = [System.Diagnostics.Process]::Start($ElevatedProcess)
$process.WaitForExit()
#Exit from the current, unelevated, process
Exit
}
}
#Check Script is running with Elevated Privileges
$process = Check-RunAsAdministrator
Write-Host "Hi, I am admin"
#Your other commands to open a txt, etc
或者尝试在虚拟机上禁用 UAC,它可能会干扰使用“AzDevOps”帐户时任务中的意外操作。
$RegistryUAC="HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" New-ItemProperty -路径 $RegistryUAC -名称“EnableLUA”-值 0 -PropertyType“DWord”-Force