For certain processes our Information Security team has requested the use of elevated credentials when accessing certain directories. I can’t find an obvious way to do this. I would retrieve elevated credentials from Orchestrator using a “Get Credential” activity.
I just need to get the following activities to work on a directory which required elevated credentials to access:
*“Move File” (either To or From)
*“Copy File” (either To or From)
*“Path Exists”
*“Delete”
Directory.GetFiles command
I don’t know PowerShell, but I am wondering if that might be the way to do it? Any input on that or other ideas would be appreciated. Thanks!
The biggest issue is going to be the UAC (!!) The UAC keeps us safe from nefarious folks and their unscrupulous codes
Basically - yes you can ask powershell to run something using a different account, but the UAC window is going to pop up asking for credentials and the robot will not be able to interact with that.
It is possible to disable UAC, please do not ask the security team to do that
If you are able to experiment with the robot was running under the elevated account to perform that specific operation you might get your AHAH! moment but there is definitely going to be some tinkering to confirm that it works for your stack.
@cursive AHAH! I am testing something now- might have some goodies for you in 30
This might not be the most efficient way of doing this but it sure seems effective
I used the Start Process Activity
I’m starting powershell, but then I’m telling powershell to open powershell as a different user (-credential)
Thank you for taking the time! This has been very helpful and will probably be the technique that I use. I will do some experimenting on my end and follow up if I have more questions. I really appreciate it!
As for formatting, I don’t see why you have all the + signs when you can create a single string. Also, I’ve found that PowerShell allows use of ’ in place of " in most cases, so with those 2 things in mind I came up with:
where username, sourceFilePath, and destinationFilePath are string variables.
The only outstanding issue I’ve run into is the on the VM the bot runs from the file path <C:\Users*BotName*.nuget\packages*ProcessName**ProcessVersion*\lib\net45> and the which is where PowerShell tries to default and the elevated account lacks access. I am looking into working is a systems administrator to simply change the PowerShell default directory. Once that’s settled it should just flow.