UiPath Robot Guide

About Automation Projects on the Robot

The Robot is an execution agent, meaning that you have to provide it with the automation projects you want it to run.

After creating an automation project in Studio, it needs to be published locally or to Orchestrator. Once a project is published, you can send it to the Robot machine and start executing it.

On the Robot machine, the automation packages feed is provided as the value of the NuGetServerUrl parameter, in the UiPath.Settings file (%ProgramData%\UiPath). This is populated by default as follows:

  • When NOT connected to Orchestrator - %ProgramData%\UiPath\Packages
  • When connected to Orchestrator - the default Orchestrator feed (~/NuGetPackages)
    Please note that these values can be customized to suit your needs.

Automation Projects when Connected to Orchestrator

While connected to Orchestrator, the UiPath Robot tray displays all the automation projects the given Robot has been associated with.

Robots that are connected to Orchestrator still need to download and unzip the automation packages locally to execute them. Consequently, when you deploy a package to an environment (create a process) in Orchestrator, it is automatically installed on all the Robot machines from the indicated environment, in the %ProgramData%\UiPath\Processes folder.

If for some reason an automation project is no longer available locally, it is marked with the update update_process icon in the UiPath Robot tray. When you click this button, the package is downloaded and unzipped in the %ProgramData%\UiPath\Projects folder.

Note:

The %ProgramData%\UiPath\Projects folder is automatically created when you first deploy a package to an environment (create a process) in Orchestrator.

If the automation project is not available locally when you start a job in Orchestrator, it automatically downloads it in the %ProgramData%\UiPath\Projects folder and all other dependencies (activities), and then starts the execution.

Automation Projects when Not Connected to Orchestrator

The UiPath Robot tray displays, in the Available Processes section, the automation projects that are stored as follows:

  • in both the %ProgramData%\UiPath\Packages and %ProgramData%\UiPath\Projects folders
  • only in the %ProgramData%\UiPath\Packages directory. These items are marked with the update update_process icon. Clicking this button unzips the process in the %ProgramData%\UiPath\Projects folder.

Only automation projects that are present in the %ProgramData%\UiPath\Packages folder and decompressed in the %ProgramData%\UiPath\Projects can be executed directly.

Note:

The %ProgramData%\UiPath\Packages folder is created when you first publish an automation project from Studio. If you are not connected to either Studio nor Orchestrator, you have to create this folder.
The %ProgramData%\UiPath\Projects directory is created when you decompress the first automation package.

Security Project Considerations

Standard users are prevented from reading and/or writing workflows (*.xaml files) of installed projects. This feature applies to 2018.1.1 Robot instances where the Robot was installed as a service.

The NuGet packages of projects are downloaded and installed by the Robot Service, as previously mentioned. They are protected in the following manner:

  1. A folder for the package about to be installed is created, in the <ProjectName.Version> format, in the %ProgramData%/UiPath/Projects/ directory.
  2. The following security measures are taken for the aforementioned directory:
    • Permission inheritance is disabled and all permissions are cleared;
    • Full control is granted to the Local System account and Built-in Administrators; This means that standard users can no longer list, read or write files in the %ProgramData%/UiPath/Projects/ folder.
  3. The package is downloaded and extracted in this directory, using the NuGet package manager, under the Local System account.
  4. All the temporary generated files are also secured.
  5. For each workflow file (*.xaml) present in the secure folder (including subfolders), permission inheritance is disabled and all permissions are cleared.
  6. Full control over these files is granted to the Local System account and Built-in Administrators.
  7. For the %ProgramData%/UiPath/Projects/<ProjectName.Version> folder, the inheritance is enabled. The permissions for the %ProgramData%/UiPath/Projects/<ProjectName.Version> directory are now the same as those for the parent directory, '%ProgramData%'.

Important!

Access to workflow files (*.xaml) remains protected since the permissions for these were explicitly set without inheritance at step 5. Access to other files in the project folder is granted to standard users.

Securely installed projects are ran by Robot executor instances in standard user mode.
The Robot executor cannot access the workflow files (*.xaml) by itself in the installation folder (%ProgramData%/UiPath/Projects/<ProjectName.Version>), and performs the following steps:

  1. Makes an open file request to the Robot Service.
  2. The Robot Service enables access to requested workflow files only for executors that were created by the Robot Service.
  3. The Robot Service does not allow other user processes to obtain access to a protected workflow file.

Important!

The packages installed by a previous UiPath version (previous to 18.1) remain unprotected.
Only Admins can delete projects.


About Automation Projects on the Robot