- About UiPath Assistant
- UiPath Assistant on Mac
- Field Descriptions
- Automation Configuration
- Task Capture Launcher
- Assistant Governance
- UiPath Assistant for Excel add-in
- About Backward and Forward Compatibility
- Hardware and Software Requirements
- Updating the Robot
- Setting Up Windows Server for High-Density Robots
- Services the Robot Connects to
- UiPath.Settings File Description
- Restarting Robot Components
- Windows Sessions
- Login Using Thales Luna Credential System
- Login Using NShield Key Storage Provider
- Redirecting Robots Through a Proxy Server
- Executing Tasks in a Minimized RDP Window
- Using Mapped Network Drives
- Stopping a Process
- Disable Stop Button
- Custom Package Folders and Network Paths
- CrowdStrike Integration
- Robot Citrix Apps Virtualization
- Common Connection Errors
- Unresponsive Robot Over RDP
- Duplicate Execution Logs
- Frequently Encountered Robot Errors
- Increased Process Execution Duration
- Enforced Package Signature Verification
- Message Too Large to Process
- Errors When Running as Administrator
- NuGet Packages Not Accessible After Migration
- User Access Control Prompt and UI Automation Activities
- .NET required during installation
- Assembly Cannot Be Loaded From Network Or Azure File Share
- Activities cannot find .NET Runtime
About Automation Projects on the Robot
The Robot is an execution agent, meaning that you have to provide it with the automation projects you want it to run.
After creating an automation project in Studio, it needs to be published locally or to Orchestrator. Once a project is published, you can send it to the Robot machine for executing it.
On the Robot machine, the available process feed is:
Notconnected to Orchestrator - the value of the
NuGetServerUrlfield in the
%ProgramData%\UiPath\UiPath.settingsfile (when the robot is installed in user-mode, the file is found in
%ProgramData%\UiPath\UiPath.settings). The value can be customized to your needs. By default, this value is
When connected to Orchestrator - the union of all the processes to which the user has access in Orchestrator.
The Robot uses the feed which responds the fastest, whether or not it's connected to Orchestrator.
Package Signature Verification
When you publish a package from Studio or the Command Line, you have the possibility to sign it. Find out more about signing packages.
The Robot verifies the signature of a package when a job is started. A package is not installed if its signature is not trusted.
A package can have a repository and author certificate. However, only a repository certificate is mandatory, but packages are signed this way by default. You can allow the Robot to install packages if they have just a repository signature, or enforce verification of an author signature as well, before installing a package.
After you start a job, the Robot on the particular machine verifies the package signature as follows:
The repository certificate is checked. It is represented by the
certificatefingerprinttag. The fingerprint from the
NuGet.configneeds to be the same as the one from the package:
- Different - the package is not installed.
- Same - checks if the package needs to be signed by authors as well.
The value of the
allowUntrustedRootattribute is verified. It means that the package needs to be signed by an author:
="true"- only a repository signature is required, so the package is installed.
="false"- an author signature is required, so an additional check is made.
The author signature is verified, which needs to be in the
<owners>tag, inside the
- Not Trusted - the package is not installed.
Trusted - the package is installed.
Automation Projects when Connected to Orchestrator
While connected to Orchestrator, the UiPath Assistant displays all the automation projects the given Robot has been associated with.
Robots that are connected to Orchestrator still need to download and unzip the automation packages locally to execute them.
Consequently, when you deploy a package to an environment (create a process) in Orchestrator, it is automatically installed
on all the Robot machines from the indicated environment, in the
If for some reason an automation project is no longer available locally, it is marked with the update icon in the UiPath Assistant. When you click this button, the package is downloaded and unzipped in the
%USERPROFILE%\.nuget\Packagesfolder is automatically created when you first deploy a package to an environment (create a process) in Orchestrator.
If the automation project is not available locally when you start a job in Orchestrator, it automatically downloads it in
%USERPROFILE%\.nuget\Packages folder and all other dependencies (activities), and then starts the execution.
The Robot can be configured to automatically download and start processes when it is connected to Orchestrator. The option is enabled from the Process Settings window in Orchestrator. A process configured this way is automatically downloaded and started when the UiPath Assistant is launched. Please note that only Attended Robots can automatically download and start processes.
Automation Projects when Not Connected to Orchestrator
The UiPath Assistant displays, in the Available Processes section, the automation projects that are stored as follows:
- in both the
- only in the
%ProgramData%\UiPath\Packagesdirectory. These items are marked with the update icon. Clicking this button unzips the process in the
Only automation projects that are present in the
%ProgramData%\UiPath\Packages folder and decompressed in the
%USERPROFILE%\.nuget\Packages folder can be executed directly.
%ProgramData%\UiPath\Packages folder is created when you first publish an automation project from Studio. If you are not connected to either Studio nor
Orchestrator, you have to create this folder.
%USERPROFILE%\.nuget\Packages directory is created when you decompress the first automation package.
Security Project Considerations
Standard users are prevented from reading and/or writing workflows (*.xaml files) of installed projects. This feature applies to Robot v2018.1.1 and greater instances where the Robot was installed as a service.
The NuGet packages of projects are downloaded and installed by the Robot Service, as previously mentioned. They are protected in the following manner:
- A folder for the package about to be installed is created, in the
<ProjectName>\<Version>format, in the
The following security measures are taken for the aforementioned directory:
- Permission inheritance is disabled and all permissions are cleared;
- Full control is granted to the Local System account and Built-in Administrators; This means that standard users can no longer
list, read or write files in the
- The package is downloaded and extracted in this directory, using the NuGet package manager, under the Local System account.
- All the temporary generated files are also secured.
- For each workflow file (*.xaml) present in the secure folder (including subfolders), permission inheritance is disabled and all permissions are cleared.
- Full control over these files is granted to the Local System account and Built-in Administrators.
%USERPROFILE%\.nuget\Packages\<ProjectName>\<Version>folder, the inheritance is enabled. The permissions for the
%USERPROFILE%\.nuget\Packages\<ProjectName>\<Version>directory are now the same as those for the parent directory,
%USERPROFILE%.Note: Access to workflow files (
*.xaml) remains protected since the permissions for these were explicitly set without inheritance at step 5. Access to other files in the project folder is granted to standard users.
Securely installed projects are ran by Robot executor instances in standard user mode.
The Robot executor cannot access the workflow files (
*.xaml) by itself in the installation folder (
%USERPROFILE%\.nuget\Packages\<ProjectName>\<Version>), and performs the following steps:
- Makes an open file request to the Robot Service.
- The Robot Service enables access to the requested workflow files only for executors that were created by the Robot Service.
The Robot Service does not allow other user processes to obtain access to a protected workflow file.Note:
The packages installed by a previous UiPath version (previous to 2018.1) remain unprotected.
Only Admins can delete projects.
When you create a new project in the Studio profile, select the compatibility based on the environment on which the project will be executed:
- Windows - Legacy - Uses .NET Framework 4.6.1. the compatibility used in releases prior to 2021.10. This is the default option.
- Windows - Uses .NET 6 with Windows support.
Cross-platform - Uses .NET 6 with cross-platform support.Important:
• Projects created as
NET 6 - Windowscan only be executed on 64-bits Robots.
• Projects created in Studio 2021.10.6 using the Windows and cross-platform compatibilities are not compatible with 2021.10.5 or older Studio and Robot versions due to .NET version discrepancy.
For more information, please see this page.