Webinar

July 20, 2021 12:00 PM EDT
Automation for healthcare providersJuly 20, 2021 12:00 PM EDT
$25,000 in giveaways for attendees - get your first bot implementation for free

Setup Remote Desktop wake-up for Workforce on Windows

Why

Running automation that requires interaction with Windows desktop requires an active user session to Windows.

For example running Workforce Agent as service can perform so-called "headless" operations, but it cannot interact with UI application.

The solution described aims to fix this problem using Windows Remote Desktop (RDP) inside the local machine to enable UI interactions without opening any extra connections and keeping the users and password in the control of the target machine's maintenance.

Goals

  • Enable full desktop access for the robot execution on the target machine that does not have a user logged in.
  • Assign work to the machine from Robocorp Cloud just like any other Workforce environment.
  • Make Windows Remote Desktop access to be as limited as possible and fully controllable by the end-user or IT managing it.
  • Make the setup as secure and straightforward as possible.

Installation

Requirements:

  • Administrator permissions for the setup phase on the target machine.
  • Add or select the user on the target machine you want this setup to use.
    • You can use this user to limit access to the machine the way you want.
    • User can be a local user or from AD; you need to know the user's domain.
    • You need to know the password of this user.
  • Windows Remote Desktop enabled on the target machine.
    • The RDP session is only opened inside the target machine (localhost) and does not need to be open to external connections.
  • The target machine cannot have Windows Interactive Logon messages enabled.
    • These usually come in the form of legal notices and cannot be by-passed by automation as they are meant to require human input.
    • Disabling these has to be done with the permission of the IT controlling the target machine as these are usually setup for a reason.

1. Setup using the helper tool

Get Robocorp Service Helper tool to the target machine. Fill in and run the helper command:

robocorp-service-helper.exe setup-login-service --env-name <name in Cloud> --domain <user domain> --username <user> --link-token <token from Robocorp Cloud>
  • --env-name: This is the name used in Robocorp Cloud.
    • Easiest to use is %COMPUTERNAME%, which should be unique and identifiable in the Cloud.
  • --domain: Domain of the user.
    • If you are running these as the targetted user, %USERDOMAIN% should be a reliable way to get the right domain.
  • --username: Username.
    • If you are running these as the targetted user, %USERNAME% variable holds the correct name.
  • --link-token: Token used to link to correct workspace in Robocorp Cloud.

2. Set password and test the RDP

User password is required in two places:

  • To run the Windows Service.
  • To open the RDP connection.

The helper tool sets up the required things but does that with a placeholder password, so you need to set the password in two places:

  1. Open Windows Services > Find & open Robocorp Workforce Agent properties > Log on

    • The user is already set, but you need to input the user password here and Apply changes. service-password
    • You can now start the service from the General tab to test that everything is OK. service-start
  2. Enable and test the local RDP

    • Run notepad %localappdata%\robocorp\workforce-agent-core-service\local.rdp
      • Find and edit: password:s:<insert password> by placing the user password there: local-rdp
    • Test the connection by running: %localappdata%\robocorp\workforce-agent-core-service\local.rdp
      • Depending on the setup of the machine, you will see the following popups and should run them with the ticks in the pictures below.
      • The first connection will ask for the password; after that, the service can use the connection without these blocking queries. rdp-popup-1rdp-popup-2rdp-popup-3
    • Addition 2021-06-16: In some cases, we have found that the "Remember me" -ticks do not get stored/used correctly
      • The fix for this is to set/move the credential as a generic credential on the target machine.
      • While we are looking for a way to integrate the solution in setup tooling, the credential setting can be done via standard Windows UI tools:
        • Open Credential Manager by typing credential manager in the Start -menu credential-manager-01.png
        • You can find the credential created by the test connection as TERMSRV/127.0.0.2 and can click it open
        • Copy the details and Add a generic credential then remove the credential TERMSRV/127.0.0.2 under Windows Credentials credential-manager-02.png
        • You can now re-test the RDP connection by running: %localappdata%\robocorp\workforce-agent-core-service\local.rdp
          • The connection phase should not ask for any confirmations at this point.

3. Assign work in Robocorp Cloud

You can now configure steps under Workforce Process to point to the new environment and choose whether or not to Use RDP Connection:

rdp-setup-cloud

To test the whole setup, you can use a simple robot that takes a screenshot from the target machine. Example:

*** Settings ***
Library  RPA.FileSystem
Library  RPA.Desktop

*** Tasks ***
Minimal task
    Create Directory    %{ROBOT_ARTIFACTS}
    Take Screenshot    %{ROBOT_ARTIFACTS}${/}screenshot.png
May 24, 2021