Logon

Description

Gives the server instructions to run tasks under a particular user as well as specify how tasks should behave depending on the current state of the workstation. For example, you can set Automate to logon a specified user if the workstation is logged off or unlock the workstation if it is currently locked before performing the steps of the task. Additionally, you can set tasks to run in the background, whether the workstation is currently logged on, locked, or logged off. By default, these settings are inherited by all tasks unless they are set by way of the settings of an individual workflow or task. For more details regarding inheritance hierarchies, see Property Inheritance.

To access the Logon properties, select Options on the Server Management Console's navigation bar, and then select Default PropertiesTasks > Logon.

You can also access these properties in the Repository by right-clicking a task, and then selecting Go to > Logon.

NOTE:
  • By default, these properties are inherited by all tasks on the system unless they are overwritten by way of the individual agent, workflow or task level. For more details regarding inheritance hierarchies, see Property Inheritance.
  • In Windows, Automate will automatically log on or unlock a machine only when User Account Control (UAC) is enabled. UAC is a feature which aims to improve security by limiting application software to standard user privileges until an administrator authorizes an increase or elevation.

Related Topics

Running tasks while system is locked or logged off

When a Windows computer is in a logged off state, there is no current user, thus, Logon properties are available that allows you to control how this condition is handled. The Windows security architecture prevents "interactive" events from being sent to applications while a computer is locked or logged off. Because of this, Logon properties can be set to logon as the default user before running the task. In this scenario, Automate simulates the logon or unlock process in order to properly run tasks that contain interactivity related actions such as Send keystrokes or Click Mouse.

However, most operations such as FTP, Database, Cryptography, File System and Process related actions and activities can run completely in the background without needing to perform a logon. In such cases, you can set Logon properties to simply run in the background when the workstation is logged off or locked, which is the ideal setup for unattended back-office environments. Moreover, you may also specify not to run the task at all or to run as a specific alternate user.

Parameters

Property Description
When workstation is logged on If the task is triggered while a user is logged onto the workstation, Automate can run the task in one of three ways:
  • Logged on user - Automate runs the task as the currently logged on user. For example, if the user currently logged onto the workstation is joe@fortra.com, the task will use Joe’s registry and application settings. This default option is adequate for most situations.
  • Background user - Automate runs the task in the background under the user credentials set in the Specified User section (near the bottom of the page). If this option is selected, tasks will run in the background in the context of the specified user and act as if the task had been started by that user. This option should be used to run a task in the background regardless of whether or not a user is currently logged on, and do not want the task to end when the workstation is logged off. Since this option only allows tasks to run in the background, tasks containing interactive actions (that is, Send Keystrokes, Move Mouse to Object, Press) will fail.
When workstation is logged off If the workstation is logged off and waiting for a user to log in when the task triggers, Automate can attempt to do one of three things:
  • Don’t run - The task will not run when the workstation is logged off. Since tasks may require interaction with the desktop, and such interaction can only be performed when a workstation is logged on, this default option provides greatest compatibility with various scenarios.
  • Run as background user - Automate will attempt to run the task behind the logon screen after silently logging on the specified user set  in the Specified User section ( near the bottom of the page). Automate does not display a desktop, and therefore tasks that interact with program interfaces or windows will not function correctly. This option is, however, recommended for non-interactive tasks that require elevated rights, such as copying files from secure areas or automating secure FTP transactions, without user knowledge or intervention. Note that tasks set to run as Background User while the workstation is logged off may fail if any part of the task is required to access the registry. This is because the HKEY_CURRENT_USER section of the registry is not available when a user is logged out. In such cases, select the Logon specified user option to allow Automate to log onto the desktop before running the task.
  • Logon specified user - Automate will log onto the desktop using the user credentials set in the Specified User section ( near the bottom of the page). This is accomplished by emulating a user logon when the Windows Logon screen appears. If Automate determines that the logon attempt is successful, the task runs as specified by the When workstation is logged on > Specified User options.  
When a workstation is locked If the workstation has been locked, either by a user, the Lock Workstation action in Automate, or a screen saver, Automate can attempt one of three things:
  • Don’t run - Automate will not attempt run the task if the workstation is locked.
  • Run as current user - The task will run behind the locked workstation screen using the currently logged on user’s account. This will cause tasks that require interaction with the desktop to operate incorrectly or fail but provides an excellent and secure way to run background tasks that do not require user interaction, such as unattended file copies or FTP transmissions.
  • Run in background as specified user - This is similar to the Run as current user option; however, the task will run behind the locked workstation screen using the credentials set in the Specified User section instead of the currently logged on user’s account.
  • Unlock using specified user - Automate will attempt to unlock the workstation using the Specified User account. Note that the specified user must be the same user that was initially logged onto the workstation before it was locked. This is because Windows only allows a workstation to be unlocked using the same  credentials of the user that initially locked the workstation. Automate cannot forcibly log off a user if an attempt is made to unlock the workstation with a user other than the current logged on account.
Specified User When you choose to logon or unlock the workstation using a specified user, you must define exactly what user Automate is to use. To do this, choose one of two options:
  • Use the default user account specified in the agent options - If selected, Automate will use the user account specified in the Default User options set under the default agent properties or under the settings of an individual agent.
  • Use specified user account - If selected, allows you to enter a user specific for this task. This account will always override the default account entered in the Use the default user account specified in the agent options parameter.
Default user name The user name to be used by default. The default user name can be either a plain user name (for example, sparky), or a username/domain combination (for example, sparky@fortra.com). When the latter form is used, the Default domain / machine name field is disabled. This parameter is only available if the Use specified user account option is selected under the Specified User parameter.
Default password The password to be used with the default user name specified above. This option can be blank if no password is associated with the selected user. This parameter is only available if the Use specified user account option is selected under the Specified User parameter.
Default domain / machine name The domain or machine name the user is a member of. This option can be left blank if the user is not a member of a domain or if there is only one workgroup for the machine. These values are also used to replace the special fields of the Logon and Unlock Keystrokes used when logging on or unlocking a workstation. This parameter is only available if the Use specified user account option is selected under the Specified User parameter.
Run with highest privileges In Windows, when User Access Control (UAC) is enabled, a task requires administrator privileges to run. Enabling this option automatically sets the task to run with elevated privileges. This parameter is disabled by default.