Automation Apps that Require Elevated Access - Unattended

Hi

Has anyone managed to solve the issue of trying to access an application that needs to be ran as an admin?

I have seen multiple posts, and UiPath provided the following (unsupported) advice (but it did not resolve the problem)

Any further ideas?

To run Uipath service as Admin, we make below changes in policies:-
Run gpedit.msc to open the Local Group Policy Editor. Expand Computer Configuration, Windows Settings, Security Settings, Local Policies, and Security Options.

  • Set “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” to Elevate without prompting.
  • Set “User Account Control: Detect application installations and prompt for elevation” to Disabled.
  • Set “User Account Control: Run all administrators in Admin Approval Mode” to Disabled.
  • Set “User Account Control: Only elevate UIAccess applications that are installed in secure locations” to Disabled

Give the robot’s AD account administrator access.

Hi

It has this

UiPath have said that by default the robot service will still launcha s non-admin, and so it can’t start an admin process

With the account having administrator privileges, you can right-click the executable you want to run and choose “run as administrator” and you won’t be prompted to enter admin credentials.

Thanks

My issue is I want to launch it as a process, and as the robot service does not launch as admin, the process that requires admin access does not launch

Unless the robot service is running as admin it will not interact, but by default the service does not start as admin, even for an admin user (when unattended, it is fine in studio)

Every application you start launches as a process no matter how you start it. You’re trying to open a locally installed application as an administrator, right? Program the automation to do it the same way a person would. That’s the point to RPA.

I use the start process method, not double clicking an icon (sorry maybe poor wording on my part)

To launch the process that way, it says I need elevated permissions

Given this issue and the reason behind it (robot service not running as admin), even if I get the app open the robot won’t be able to interact

I need robot service to run as admin I believe

Ryan Woodburn
07801548207
rwoodburn@deloitte.co.uk

There’s no difference. It doesn’t matter how you start an application. Program the automation to click and run as administrator just like you would.

As soon as I use the activity to invoke the process, I get an exception saying it requires elevated privileges

There is no opportunity to click as a human would

I still require robot service to be admin for the interactions anyway

Don’t use the activity. Use regular click etc activities and have the automation do it exactly as you would do it, by right-clicking and selecting run as administrator.

Thanks

The issue is as even if that gets the app running, it will be running as an admin at High integrity, whilst the robot service will still be running as Medium integrity - it will therefore not be able to interact with the admin

This is replicated by
Launch studio, run a process (robot service is now running Medium integrity)
Try to interact with the app manually launched as admin- it does not interact

Launch studio as admin- it can interact with app
However a bot run will not as robot service is still now admin

Kill all UiPath services
Start UiPath studio as admin, launch robot service separately as admin
It can now interact with app

Unless I can get the robot service running as admin / High integrity, it won’t interact with the app even if I get it launched

Does that make sense?

Ryan Woodburn
07801548207
rwoodburn@deloitte.co.uk

Have you tried installing UiPath in user mode instead of service mode?

In user mode I don’t think I can schedule it to run unattended from orchestrator?

Is that correct? (Assuming I don’t manually log on and then disconnect the vm)

Ryan Woodburn
07801548207
rwoodburn@deloitte.co.uk

I didn’t know it is unattended. I’m not sure if that would affect anything. I’d try setting up a VM and installing UiPath in user mode, then see if Orchestrator can still run jobs on it.