While attempting to deploy some SharePoint code via MSBuild, I ran into the following problem.
I have an msbuild.proj that executes several stsadm commands. These work perfectly when executed from the command-line. However, once they are called from TeamBuild, I get "Access Denied" on the stsadm execution.
The TFS Service account is a member of the Administrators group on the build server. I can log in to the build server as the TFS Service account and execute the command-line successfully. This problem only exists when the commands are spawned from TeamBuild.
I have also tried running several EXEC tasks using runas /trustlevel:unrestricted and various other options with no success.
After several, and far too many, hours attempting to resolve the problem myself, I burned a PSS with Microsoft to resolve this issue.
Here is what I had to do. Even though the TFS Service Account was a member of the Administrators group on the Build Server, I continually received Access Denied errors. The suspicion was that the TFS Service Account, when run from TeamBuild, was not executing as an interactive/desktop user. Therefore, there wasn't a profile that was being used. While I don't claim to fully understand why I was getting the errors, we did reach a solution.
I opened regedit and gave full control to the TFS Service Account for the following keys and their sub-keys. I would imagine Read Only access would work, but I have not explored further. Please let me know if you find anything else that may work.
- HKLM\Software\Microsoft\SystemCertificates\
- HKLM\Software\Microsoft\EnterpriseCertificates\
- HKLM\Software\Microsoft\WBEM\
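
To review the result of the regedit change described above, the following PowerShell lists the access entries the service account holds on the three keys and marks any that amount to full control. This is an added example, not part of the original post; the account name CONTOSO\TFSService is a placeholder.

```powershell
# Assumption: placeholder account name, replace with the real TFS service account.
$Account = 'CONTOSO\TFSService'

# The three keys named in the post.
$keys = @(
    'HKLM:\Software\Microsoft\SystemCertificates',
    'HKLM:\Software\Microsoft\EnterpriseCertificates',
    'HKLM:\Software\Microsoft\WBEM'
)

$full      = [System.Security.AccessControl.RegistryRights]::FullControl
$toSubkeys = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "$key does not exist on this machine"
        continue
    }

    # Only entries that name the account directly are matched. Access that
    # reaches the account through a group (e.g. Administrators) is not listed.
    $rules = (Get-Acl -LiteralPath $key).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account }

    if (-not $rules) {
        [pscustomobject]@{
            Key = $key; Rights = '(no explicit entry)'; Type = $null
            FullControl = $false; Inherited = $null; AppliesToSubkeys = $null
        }
        continue
    }

    foreach ($r in $rules) {
        [pscustomobject]@{
            Key              = $key
            Rights           = $r.RegistryRights
            Type             = $r.AccessControlType      # Allow or Deny
            FullControl      = ($r.RegistryRights -band $full) -eq $full
            Inherited        = $r.IsInherited            # False = set on this key
            AppliesToSubkeys = ($r.InheritanceFlags -band $toSubkeys) -ne 0
        }
    }
}
```

Run it from an elevated PowerShell session on the build server and pipe the output to Format-Table to compare the three keys side by side.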