- What is ScriptRunner?
- Installing and configuring ScriptRunner
- New features in ScriptRunner Portal Edition R4
- New architecture and Portal redesign
- New Run area
- New credential configuration, including SSH
- New target configuration in the Portal
- Automatic module detection with advanced target testing functionality
- Use Microsoft Graph and token-based authentication for M365 services
- Upload of files by users for bulk processing
- Signed PowerShell script enforcement
- Impressions of the new ScriptRunner release
- What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
As admins become more familiar with and reliant on PowerShell scripts in the environment, managing, securing, versioning, and controlling the use of PowerShell is increasingly challenging. ScriptRunner is a platform that can be seamlessly connected to the existing environment via REST API. It provides management and control around using PowerShell scripts in the environment, allowing even nontechnical users access to the information supplied by PowerShell via an automatically generated GUI. The latest ScriptRunner Portal Edition R4 release offers many new enhancements to the platform.
What is ScriptRunner?
ScriptRunner is a solution that allows organizations to centralize and standardize the running of PowerShell scripts across the environment. It provides policies, logging, reporting and live monitoring for PowerShell, which helps standardize and deliver governance around PowerShell execution across the environment.
It allows organizations to automate and delegate the delivery of routine activities and tasks, providing guardrails around running PowerShell to monitor and control how users can run the scripts, which systems they can target, and which modules they can use.
Installing and configuring ScriptRunner
ScriptRunner continues to streamline the installation and configuration of the product. To get up and running with ScriptRunner Portal Edition R4, you need to download the ZIP file, extract the executable, and run through the installation wizard. This process takes only a couple of minutes.
Ensure you have the IIS role installed in Windows Server, and then run the installer.
Beginning the ScriptRunner Portal Edition R4 installation
Configure the service endpoint for the web apps to connect to the central service of ScriptRunner. It defaults to the FQDN of the server name.
Set up your service endpoint FQDN
After the files are copied, the installer finishes, and you are ready to begin configuring your instance of ScriptRunner (setting up credentials, targets, etc.).
Finishing the installation of ScriptRunner
New features in ScriptRunner Portal Edition R4
The new ScriptRunner Portal Edition R4 release is massive in terms of functionality, features, and capabilities. ScriptRunner describes R4 as a milestone in their Portal functionality. This release has streamlined the user interface with a more modern design and workflow.
Note the following new features:
- New architecture and Portal redesign
- New Run area
- New credential configuration, including SSH (Secure Shell)
- New target configuration in the Portal
- Automatic module detection with advanced target testing functionality
- Use of Microsoft Graph and token-based authentication in M365
- Upload of files for bulk processing
- Signed PowerShell script enforcement
Let's take a closer look at some of the main new features found in the ScriptRunner Portal Edition R4 release.
New architecture and Portal redesign
With the release of the ScriptRunner Portal Edition R4, the previous Portal Apps solution has been eliminated and replaced with a new design. In addition, the new Portal is based on a new underlying information architecture. The application has been dramatically simplified, providing many benefits to the experience. For example, users now have more clarity regarding the interface's controls, menus, and other items.
ScriptRunner has been redesigned to help the product's overall experience and usability in the R4 release. The new Portal has been designed to contain the latest reports, top actions, and pinned actions in a widget-styled interface. In future releases, you will be able to customize widgets and other features of the dashboard.
New "foldout" menus on the left-hand navigation menu have been added to allow users to easily drive the interface from the dashboard.
The new ScriptRunner Portal dashboard provides a widget based easy to read overview of the environment
New Run area
The new main Run area has a significantly revised look and feel. In addition, it is much easier to navigate thanks to a back button and breadcrumb-style navigation trail to allow moving back and forth. The Run tiles seen in previous releases now have a modern design and new, reduced, and simplified options.
New Run area tile view
The list view shows the color, icon, and pin status of actions.
New Run area list view
New credential configuration, including SSH
The new ScriptRunner release features have been greatly improved. In previous versions of ScriptRunner, adding credentials was not intuitive. With the ScriptRunner Portal R4 release, they have redesigned the user interface to add a significantly improved credentials workflow.
In addition to the new credentials UI, they have added the ability to use SSH key file authentication for PowerShell, which is becoming an excellent option for connectivity in PowerShell 7.
New credentials workflow with SSH key
New target configuration in the Portal
The new ScriptRunner Portal Edition R4 release is now feature-complete with all target configuration settings. Note the following with the target configuration:
- The overview displays the types and additional information about the targets
- When you click the selection box for a list item, you have additional buttons (Edit, Run test, and Delete)
- Clicking a name opens the detailed configuration
- Several targets can be created for different administrator teams or managing different clients
- When you are using jump hosts in the environment, ScriptRunner makes it possible to build bridgehead structures, allowing for the creation of defined paths for remoting in the infrastructure
New target configuration in the ScriptRunner R4 release
Automatic module detection with advanced target testing functionality
A great feature of the new ScriptRunner Portal Edition R4 release is the automatic detection of the required PowerShell modules for scripts. ScriptRunner evaluates the modules needed and checks to see if they are available in the PowerShell session before starting code execution. This prerequisite check will save time and errors during the script execution process.
ScriptRunner takes this a step further and automatically creates tags for what they refer to as "advanced testing" of a PowerShell target. It performs the following:
- It attempts to establish a connection to the target.
- It checks whether the modules are available on the target
ScriptRunner checking for required PowerShell modules and target test checking
Use Microsoft Graph and token-based authentication for M365 services
Microsoft Graph is the global gateway for programmatic access to the data contained in your Microsoft 365 environment. The Microsoft API provides a single endpoint for access. In ScriptRunner Portal Edition R4, you can now use the Microsoft Graph module with the M365 service. In addition, you can now add this to an existing M365 target or a newly created one.
ScriptRunner Portal Edition R4 is also keeping up with the new recommendations for logging in and using services in M365. The new token-based authentication removes old references to the AAD Graph in the background and now uses a more modern, secure method.
In ScriptRunner, automatic detection has been enabled for M365 targets that determines the method to use and automatically selects the appropriate one.
Microsoft Graph can be used as a new service for M365
Upload of files by users for bulk processing
Users can now use a record file (CSV, TXT, XML, or JSON) to pass a data stream as a parameter in a script. Using the upload as a data stream provides maximum flexibility. Multiple data set files can be used, and separate data stream parameters are used for each one.
Bulk operation example in ScriptRunner Portal Edition R4
Signed PowerShell script enforcement
What if you have numerous servers you want to target with PowerShell across the organization? Without a centralized way to manage PowerShell execution across the environment, PowerShell execution policies can be configured differently between servers.
ScriptRunner Portal Edition R4 now allows enforcing signed PowerShell scripts, no matter how the local PowerShell execution policies are configured. It helps enforce signed scripts on both the ScriptRunner server itself and in PowerShell remoting.
To implement this with ScriptRunner Portal Edition R4, you simply run the following PowerShell cmdlet:
Set-ASRSettings -SignedScriptsOnly yes/no
Impressions of the new ScriptRunner release
I have followed ScriptRunner's progress over the last several releases. The ScriptRunner Portal Edition R4 release is massive, including a ton of new features and capabilities. I like the direction that ScriptRunner is taking the product with great usability features, better workflows, better M365 integration, and tools to enforce security best practices, such as signed PowerShell scripts.
Subscribe to 4sysops newsletter!
You can download a fully functional 30-day trial version of ScriptRunner to test the features and capabilities in your own environment.
