I am trying to install the Azure DevOps Deployment Group Agent as described in Provision agents for deployment groups.

Step 6 includes the following guidance: When prompted for the user account, press Return to accept the defaults.

However, the default configures the agent to run under the NT AUTHORITY\SYSTEM account, and I'm hesitant to give full access to a process that runs commands it obtained over the web. What are the minimum permissions/roles I need to give an agent so it will function properly?

Mike

1 Answer

Please follow this doc, Provision agents for deployment groups, and accept the defaults, which configure the agent to run under the NT AUTHORITY\SYSTEM account; this is required for the agent to run without issues.

If you run it under other accounts/roles, it will fail with unexpected errors as reported here: https://developercommunity.visualstudio.com/t/running-azure-devops-agent-as-domain-account-fails/712546 and https://developercommunity.visualstudio.com/t/running-azure-devops-deployment-group-agent-using/1107600, etc.

In addition, there is a suggestion ticket in Developer Community about this requirement. You can vote on and follow this ticket. You can also create a new suggestion ticket here. The product group reviews these tickets regularly and will consider adding it to the roadmap.

Edward Han-MSFT