What are the different types of Windows Authentication in Leapwork Remote Agent?

Leapwork's latest release with build version 2020.1.709 has the new feature of Windows Credential Provider. It is the mechanism that allows you to log in to windows in a secured and hassle-free way. As part of this, Leapwork provides users 3 different ways to cater to windows authentication under the Remote  Agent category. They are

• Windows login

• Windows login - Auto

• Password

Below description defines them:

1. Windows login: It is used to authenticate connections to the agent with a Windows username and password. Users can get the username by navigating to the command and type "whoami" and copy the username and provide the system password in the password field.

2. Windows login-Auto: It is used to automatically login to the agent with a predefined Windows username and password on each agent connection. The user does not require the Login building block in the flow if this option is chosen as the user will be autologin to the agent with the credential defined for Autologin.

3. Password: It is used to login to Windows using a simple password(i.e the agent password set during the installation). This is deprecated and will be removed from Leapwork in a future release.

This login and logout functionality works even with machines that have just been started or rebooted, without any prior user sessions, from Windows 7 SP1 and onwards. This makes it very easy to automate tasks on virtual machines and automate testing of complex, data-driven single-sign-on (SSO) scenarios.

Note that the functionality is based on a Windows “credentials provider” which does not circumvent any security measures in Windows. It simply lets Leapwork interact directly with the login/logout security feature built-in to Windows.

With this new security addition, support for Leapwork Agent passwords will begin deprecation and is expected to be removed from the product before the end of the year.

Note - In case, you do not want a windows user to be an administrator user (as that user has too many permissions) while connecting to an agent, then we have to assign specific permissions to that user which is named "Allow log on locally" permissions. Moreover, in windows server products by default, only “Administrators” have "Allow log on locally" permissions. So, we can follow the below steps to add a Leapwork test user in this category to proceed further.

    1. Open the Local Group Policy Editor:

• Simultaneously press the Windows+ R keys on your keyboard.
• At the Run window, type gpedit.msc & press Enter.

2. Inside the Local Group Policy Editor, in the left pane navigate to:

Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

3. Look at the right pane and right-click on Allow log on locally and select Properties.

4. On the newly opened window, click on Add User or Group button.

5. Add the required user and then click “OK” and then “Apply”

6. Close the Local Group Policy Editor and restart your computer.

For any clarification, please contact our Priority Support.