How to overcome this error message in Studio: "Cannot access application '.'. Elevated privileges might be required. Try running the UiPath application as an administrator."?

Hi everyone.

I have a very specific problem, I need to make everything related to UiPath as administrator (run elevated) because I have an automation that interact with an application that can only ran as administrator.

To run from studio, I was able to solve the problem forcing the studio, assistant and services (UiPath.service.host and UiPath.service.userhost) to run as administrator, but I`m unable to run a process from orchestrator in an unattended session.

The only exe that I found that also needed the elevation was the UiPath.executor.exe, but if I set it to run as administrator the job fail saying that “the operation need elevation ERROR_ELEVATION_REQUIRED=ERROR_ELEVATION_REQUIRED=0x000002E4” and if I remove the elevation status of the executor the process can’t interact with the application.

After analysing the logs (internal logs from UiPath) the only thing I found that is running is the UiPath.service.host.exe and it already is running as an administrator, do anyone was able to solve this?

@uKisuke

Unattended robots cannot be run with elevated rights…check this for detailed explanation

If you want to run elevated…then try with pip sessions which is available in attended via assistant

Cheers

Hi @uKisuke

Can you try by modifying the UiPath service configuration to run as an administrator.

To do this, open the Services app, find the UiPath service (UiPath.Service.UserHost or UiPath.Service.Host), right-click on it, select Properties, go to the Log On tab, and select “This account” and enter the credentials for an administrator account.

Thanks!

I tried that, but even if I use the credentials, the executor can’t interact with the application and if I force the executor to run as administrator the service can’t start the executor because it says it need the elevation (even if its running elevated).

I’m thinking it may be a problem from windows, maybe a service can’t start an application elevated?

Thanks for the response, but the problem is that I’ll need to run this automation in an unattended session.

EDIT: I just read the other post, and will try some of the approaches mentioned there. I just need another option even if the option may not be the ideal one, but i can’t only ask my client to provide a machine to run an application.

1 Like

How to overcome this error message in Studio: "Cannot access application '.'. Elevated privileges might be required. Try running the UiPath application as an administrator."?

Let’s assume that you are trying to automate via UiAutomation an elevated application, but the Studio application it’s displaying a warning "Cannot access application '.'. Elevated privileges might be required. Try running the UiPath application as an administrator.".

What may be the cause?

The issue is due to that the target application which you are automating needs a higher privilege to interact with it.

How may I overcome this behavior?

You may have a couple of solutions in this case:

  • Run the target application in a non-elevated mode or low Integrity level after which the UiPath Robot will be able to identify the application elements.
  • Automatically start UiPath Executor as admin (Robot user should have administrator access) suitable configurations should be performed at GPO Level. Check with your IT admin team to perform the changes with your organization’s approval. Be informed that UiPath never recommends starting UiPath as admin, due to security concerns.

Resolution

Solution 1 → Run the target application in a non-elevated mode or low Integrity level after which the UiPath Robot will be able to identify the application elements.

Approach #1

  1. Create a .txt file with this information
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
@="Run without privilege elevation"

 
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
@="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""
  1. Save/Rename this text file as <name_of_file>.reg and add it to the Windows Registry. (Double-clicking on it should do the trick.)

Results in the Registry Editor:

  1. Afterwards, right-click the app (for example you have a console.msc file or the mmc.exe console) you’d like to run without administrative privileges and select “Run without privilege elevation”.

In some cases, a small amount of 0.1% of programs may ask twice about the UAC prompt.

Example:

Now in Studio, it will allow you to check and play with the target application.

You may switch to Modern Design Experience in the case you are using the Classic Mode. Set to Yes the Modern Design Experience in your Project Settings and then Reload the project.

After use the reload has been performed, you may use the Use Application/Browser activity.

Results (the target UiElements are recognized now by the UiPath client services):

Approach #2

If you have a particular application (in the below case is presented as the mmc.exe process) that you want to always run without UAC, you can target it with the Registry (add the text to a REG file and import it into the Registry):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Windows\\SysWOW64\\mmc.exe"="RunAsInvoker"

Result of running the above registry.

After, when you will run the mmc console, it will run as Elevated mode set to No.

Example:

Solution 2 → Make UiPath Robot interact with application, running with Admin rights in Unattended mode.

When running the Robot from Orchestrator, UiPath Robot runs without Admin rights and it can only interact with the applications which are running with the same integrity level.

If the target application is running with a higher elevation, the error “Cannot automate the application, as the target application is with elevated mode” is obtained.

In order to automatically start UiPath Executor as admin (Robot user should have administrator access), suitable configurations should be performed at GPO Level. Check with your IT admin team to perform the changes with your organization’s approval. Be informed that UiPath never recommends starting UiPath as admin, due to security concerns.

To run the UiPath service as Admin, make the below changes in policies:

  1. Run gpedit.msc as Administrator to open the Local Group Policy Editor.
  2. Expand Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options.
  • Set “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” to Elevate without prompting.
  • Set “User Account Control: Detect application installations and prompt for elevation” to Disabled.
  • Set “User Account Control: Run all administrators in Admin Approval Mode” to Disabled.
  • Set “User Account Control: Only elevate UIAccess applications that are installed in secure locations” to Disabled

  1. After performing these changes, restart the machine.

  2. After the machine starts, make sure that the UiPath Robot service is Running. If it is not running, Start this service and check if the Robot is connected to Orchestrator in order to run your automation.

3 Likes

Thanks for your recomendations, I will try them tomorrow and let you know if it works.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.