Allow Windows Runner to operate without elevated permissions
Description
Currently, the GitLab runner on Windows requires elevated permissions that include SeTcbPriviledge. Some organizations do not want to allow the runner to have these elevated permissions and also do not want to run the runner as the built-in system account. "gitlab-runner" when run as a user account attempts to get SeTcbPriviledge
during service creation
Proposal
Modify runner, so it does not require the SeTcbPriviledge
permission
Tasks for assigned developer
-
Verify the security privileges when Runner is set up to run as a service with a user account on Windows. -
Determine the level of effort and proposed solution if in fact, a code change is required to resolve the reported issue.
Edited by Darren Eastman