I'm a sysadmin managing several business processes that are fully automated. I use a combination of Power Automate desktop flows and a third-party automation tool. Recently, New York state regulations mandate disabling interactive logins. I'm wondering how my bot accounts can function properly without interactive login enabled, especially since they maintain active RDP sessions for automation. Any advice?
2 Answers
If your bot doesn’t require access to the graphical OS, you could block the account from logging in locally through Local Security Policy. Open Local Security Policy by pressing Win + R, typing secpol.msc, and hitting Enter. Expand Security Settings, go to Local Policies, and find User Rights Assignment. Here, you can edit the "Deny log on locally" policy and add your service account. If your RPA bot needs user simulation via a graphical interface, you might need a documented exception for that account. We’ve invested a lot into our RPA for automating simpler tasks, so we couldn’t disable local logins without significant rewrites.
Just ask your boss or compliance team about this! They might have insights. It's always good to bring some options to the table that they might not have considered yet.
Yeah, I'm already in touch with them and trying to brainstorm some alternative solutions!

That’s what we're planning next week. We have a GPO ready, and we'll be adding our accounts for testing the RPA processes. We’ll be documenting exceptions and collaborating with the security team to strengthen our approach.
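Added example (not part of the thread): a PowerShell check, run elevated on a bot host, that reports whether given accounts are listed directly under "Deny log on locally" (`SeDenyInteractiveLogonRight`), the right the first answer edits. It goes one step further and also checks "Deny log on through Remote Desktop Services" (`SeDenyRemoteInteractiveLogonRight`), since the bots in the question hold RDP sessions. The account name is a hypothetical placeholder.

```powershell
# Added example: audit deny-logon user rights for bot accounts (run elevated).
param(
    [string[]]$Accounts = @('CONTOSO\svc-rpa-bot01')  # hypothetical account name
)

# "Deny log on locally" and "Deny log on through Remote Desktop Services".
$rights = 'SeDenyInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'

# Export the user rights assignment from this machine's security database.
$cfg = Join-Path $env:TEMP ("userrights-{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
    throw "secedit export failed (exit code $LASTEXITCODE); is the session elevated?"
}
try     { $lines = Get-Content -Path $cfg }
finally { Remove-Item $cfg -ErrorAction SilentlyContinue }

# Entries are either "*S-1-5-..." SIDs or plain account names.
# Normalise both to a SID string so comparisons are reliable.
function Resolve-Sid([string]$Entry) {
    $e = $Entry.Trim()
    if ($e.StartsWith('*')) { return $e.Substring(1) }
    try {
        [System.Security.Principal.NTAccount]::new($e).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }  # name could not be resolved
}

foreach ($right in $rights) {
    # A right with no assignees has no line in the export at all.
    $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    $denied = @()
    if ($line) {
        $denied = @(($line -split '=', 2)[1] -split ',' | ForEach-Object { Resolve-Sid $_ })
    }
    foreach ($acct in $Accounts) {
        $sid = Resolve-Sid $acct
        # Only direct entries are matched; a deny applied through a group
        # the account belongs to is not expanded here.
        [pscustomobject]@{
            Right   = $right
            Account = $acct
            Sid     = $sid
            Denied  = [bool]($sid -and ($denied -contains $sid))
        }
    }
}
```

Running it before and after the policy is applied gives a record of which bot accounts are actually covered and which ones remain as documented exceptions.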