无法使用非管理员帐户通过 Web IIS 部署任务部署网站

tag-icon tag-icon iis permissions team-foundation-server release-management
无法使用非管理员帐户通过 Web IIS 部署任务部署网站

我想使用 TFS 发布管理器和 Web IIS 部署任务部署一个网站。当使用的帐户是本地管理员帐户时,它可以完美运行。但使用另一个非管理员帐户时,我遇到了此错误:

##[error]Microsoft.PowerShell.Commands.WriteErrorException: System.AggregateException: Failed to install 'VisualStudioRemoteDeployer1fed642b-3699-404d-be6c-f8edb0a59e0a' from service executable path VisualStudioRemoteDeployer.exe . Consult the logs below:
Exception calling "SetRight" with "2" argument(s): "OpenPolicy failed: 5"
 CategoryInfo :NotSpecified: (:) [], MethodInvocationException
 FullyQualifiedErrorId :Exception
 ---> System.Management.Automation.RemoteException: Exception calling "SetRight" with "2" argument(s): "OpenPolicy failed: 5"
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.DevTestLabs.Deployment.Deployment.PowershellExecutor.Invoke(String errorContextMessage, Boolean writeResultToLog, Boolean isCancellable)
   at Microsoft.VisualStudio.Services.DevTestLabs.Deployment.Deployment.RemoteDeploymentHelper.InstallServiceInternal(String serviceSourcePath, String serviceName, String destinationFileName)
   at Microsoft.VisualStudio.Services.DevTestLabs.Deployment.Deployment.RemoteDeploymentHelper.InstallService(String serviceSourcePath, String serviceName, String destinationFileName)
   at Microsoft.VisualStudio.Services.DevTestLabs.Deployment.Deployment.DeploymentClient.<RunAsync>d__24.MoveNext()
---> (Inner Exception #0) System.Management.Automation.RemoteException: Exception calling "SetRight" with "2" argument(s): "OpenPolicy failed: 5"<---

我想知道为什么/这个帐户需要哪些权限。浏览网页时,我发现了这篇文章:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/1fecfb5b-8fe5-4e66-80ac-d908a43c8984/winrm-iis-web-app-deployment-privileges-to-target-server?forum=tfsbuild

但答案是不够的。这项任务应该用本地管理员帐户运行的技术原因/需求是什么?

非常感谢您的帮助。

答案1

我想我明白了。我按照这里的教程操作https://technet.microsoft.com/en-us/library/ff700227.aspx

我认为最重要的是,这个命令解决了这个问题winrm quickconfig

PS C:\Windows\system32> winrm quickconfig
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:

Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

Make these changes [y/n]? y

WinRM has been updated for remote management.

Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

答案2

该任务使用 WinRM 与目标机器通信,并且 WinRM 仅限于管理员使用。

如果您想使用纯 MSDeploy,通过 HTTPS 协议与 IIS 管理服务通信,则可以使用其他任务,例如微软部署所有事物

相关内容