I am setting up an integration tests build where I am just trying to start up a windows service.
I have used the InvokeProcess command to run the powershell scripts which just does the following
The script fails when I run the build process but when I executed the same script outside TFS it works. I get the following error in TFS logs
<em>Start-Service : Service 'ServiceName (ServiceName)' cannot be started due to the following error: Cannot open ServiceName service on computer '.'.</em>
Then I tried changing the way I am starting the service and used SC.exe with parameters <strong>"Start ServiceName"</strong> in the InvokeProcess and I get Access Denied error in TFS as follows:-
<em>SC start ServiceName. [SC] StartService: OpenService FAILED 5: Access is denied.</em>
I am using Network Service account to run the build.
After searching a while, I have come to the conclusion that I have to run the InvokeProcess with elevated privileges but I don't know how would I do that with in TFS.
Any help is much appreciated.Answer1:
We run our build agent as a custom service account and give that domain account admin access on the servers we deploy to.Answer2:
I have resolved the issue by adding Network Service account to the administrator group. I might not go with this solution as it seems wrong to assign administrative rights to Network Service account but I don't know how to assign Service Start/Stop permissions to Network Service without adding this account to Administrator group.
In short, I agree with the answer that a custom service account must be used to run the build with appropriate privileges.