Can a Anonymous user run the job placed in shared folder of Orchestrator

Hello All,

Could anyone suggest me if an anonymous user run the job placed in shared folder of Orchestrator without installation of Uipath Assistant and no account in Cloud.

Thanks in advance.

Hi @abs1813,

If a user doesn’t have any account on orchestrator, there is no way that user can run an automation.

Process executions/dev always happens when user/machine is perfectly connected.


1 Like

As @sonaliaggarwal47 mentioned you need to be authenticated to Orchestrator in some way in order to launch the job and a machine where Robot is available to run.

If you are unable to provide access to the users, you would need to create some middle layer between the user and orchestrator that would trigger the job via the API.

Hi @abs1813,

This can be done not by directly accessing a mentioned job in Orchestrator but by using the downloaded process nuget in the robot machine. A user not mentioned in Orchestrator but having admin privileges can run UiPath robot processes.

The AD user with admin rights to the robot machine can install a Robot instance of UiPath and access the already installed Process and run the process using Task Scheduler and UiRobot.exe.
That said, the probability of this happening is low as you can have a group-policy on the use of the VDI/Server/VM of the robot machine.

A simple script can run robot processes:
UiRobot.exe execute --file yourpackagefullpath.nupkg

I have more details on how to automate this here: .net robot launching question - Help / Robot - UiPath Community Forum

So if you are preparing a risk analysis document then I would suggest you have to consider this attack vector.

Risk reducing measures:

  1. Group-policy to avoid access to the Robot Machine
  2. The nuget location used can have a symbolic link to robot user that way the admin can see the folder but the contents are blocked to access
  3. Nuget folder location only accessible by Robot User/s

Hope this gives you some ideas.

1 Like