3 weeks ago
Hello Community,
There are few applications which I was not able to attach with Blue Prism v7.1. one of them is Local User and Group Manager (lusrmgr.msc - "C:\Windows\System32\lusrmgr.msc").
For development, I'm launching BP as admin then i was able to attach such applications and complete the whole objects with Win32 and everything working fine.
Challenge:
1. It's failing to attach the application when I open BP without "Run as admin" function and running the process.
2. Once we move the process to production, it will fail as expected.
Kindly let me know if there is a way to make it work.
3 weeks ago
@Paritosh @Tejaskumar_Darji @david.l.morris @harish.mogulluri Do we have a solution for above challenge?
3 weeks ago
Can you elaborate how you are trying to open the file and attaching it?
Also Are you able to attach when you are non admin in dev?
FYI : In general, the lusmgr.msc file allows view-only capability if opened without administrative privileges.
If your process involves reading data only, opening the file without administrative privileges may work/
However, if your process involves making changes to user accounts or groups, the lusgr.msc file must be opened with administrative privileges.
3 weeks ago
Myself and service account used for this process is having "admin" rights on server machine.
For development purpose, I'm launching BP as run as admin (by right clicking BP logo on desktop and clcik run as administrator option).
Then, I've used action Utility - Environment: Start Process with "lusrmgr.msc" at process level and attaching it from object level. I need to perform actions like open groups and take screenshots.
Once i open BP as admin and run the process in debug, it's working fine. But I schedule this process on a resource machine from login, dispatcher, worker, report and logout. Process got failed at worker with the attach exception with "lusrmgr.msc".
How to make Blue Prism run as admin automatically to overcome this issue on resource machine to make this process running and attach to such applications without any issues?
3 weeks ago - last edited 3 weeks ago
Hi @ManojKothapalli_G ,
You can basically update the automate exe file properties by default to run as administrator if the bot has admin privileges it will basically run as admin.
Check below KB article.
3 weeks ago
I'm not sure about simply checking the box to run the exe as administrator. Maybe that would work, but I would expect a UAC popup to occur unless you've adjusted the security settings on the machine, which I wouldn't suggest doing. If that works, then that is the simplest way to handle it for sure.
However, for us, we get this UAC popup:
The way I've handled this is in a few steps. I proofed this out, and it does work, but we never actually put the automation into Production that requires this.
Step 1: I had a batch script in the All Users startup folder that would check to see who the logged in user was. If it was the specific user for whom we wanted to launch Blue Prism as admin, then it would call a specific shortcut file (a .lnk file), described in Step 2.
Step 2: That shortcut file was designed to trigger a task in Task Scheduler on that machine, described in Step 3.
Step 3: The task in Task Scheduler was created with the details such that the specific/same user as we detected in the startup file will launch automate.exe as admin. Also configured in this were the details for the specific dbconname and port number etc and what not for running a Runtime Resource.
I know this sounds a bit convoluted, but it does work, and the reason was so that we were not circumventing any security protocols or changing any security settings on the machine, and it also only would do this for a specific user that logs in.
You could of course do this a bit easier if you expect all users to run Blue Prism in admin mode, but we prefer to not do that.
Just a reminder, try Harish's suggestion first since it is much simpler. I just expect you'll encounter the same issue I described above. Your option I think is then to either do what I suggested or change the machine's security settings, if you have approval/access to do so.