I did that in my company. Install in service mode. Make sure that only admin rights allow you to edit that. You can create script to connect to specified url with command line (script should be runned with admin rights) or admin should set URL manually. I am not usign sign in option (machine key, but now I will switch to client credentials)
The only solution I can think of (which would be pain in the a**) would be to limit network, where you list specified urls to be allowed. So in that case you could write any url in assistant but your network would block you because policy limitation.
So for any automation you would like to work with you should list each URL used in automation, so it could be added to allowed
It is quite hard and time consuming (the most when you start) but you will receive extra control and security.
We already have that by default to some extent. For instance, I can’t access prod from dev devices (cross-domain). But in our dev, I also have a lab (only for my team) and that is a problem since both of them reside in the same domain. It would be very complex to set up firewall rules between these two environments.
I was trying to find some governance option or maybe an installation parameter that could block it from being changed.
Here are the general steps to create a custom installation package:
Download and install the UiPath Studio Installer. This is a tool that allows you to customize the UiPath installation package.
Open the UiPath Studio Installer and select “Create a new package”.
In the “Settings” tab, select “Custom” installation type.
In the “Options” tab, enable the “Assistant” option and configure the desired settings, including the URL of the Orchestrator instance.
In the “Files” tab, select any additional files or components that should be included in the installation package.
Once you have configured all of the desired settings, save the installation package.
Deploy the installation package to the target machines using your preferred deployment tool or method.
To prevent users from changing the URL after installation, you can configure the UiPath Assistant settings to be managed by Group Policy. This will allow you to enforce the URL setting and prevent users from modifying it.
Well, it turns out I can’t block this URL if I’m installing it as a service mode.
Since I’ll be using SSO and AD Groups to manage users in my environment, I think I’ll be controlling cross-environment connections via the AD Groups themselves. I’m Still assessing what is going to be the permanent solution.