Try Now

ScriptRunner 2020R3 – full scope of functions in the portal, multi-attribute queries and more actions for end users

Table of Contents

Post Featured Image

Version 2020R3 wraps up the development cycle with a number of improvements and new features. There is news in both ScriptRunner Portal and ScriptRunner Server:

  • Extensions and new apps in the ScriptRunner Portal
  • Multi-Attribute Queries for Azure, Active Directory and with scripts
  • Queries with parameters for search control
  • Advanced caching modes for queries
  • Script repositories for admin teams
  • Simplified Azure AD App Registration
  • More actions for end users

Outlook on product strategy

We have split our development activities with the completion of this version. The consistent further development of a portal edition is intended to largely complete the transition from the world of old web apps to the new world of the role-based ScriptRunner Portal by the turn of the year. Three releases of the portal edition based on the current backend version are planned for this purpose.

In parallel, development work will begin on the new architecture from version 7 of ScriptRunner, which will enable ScriptRunner as a multi-server, multi-location and hybrid cloud solution.

Enhancements and new apps in ScriptRunner Portal

In the ScriptRunner Portal, the apps “Run” and “Reports” are now compatible in scope of functions or even extended compared to the previous Admin App.

The new Authorize & Delegate App corresponds to the main menu item “Delegation” of the Admin App, but goes in many details clearly beyond its scope of functions. The main “Settings” menu from the Admin App has been redesigned in the Portal.

The built-in support ticket function has been extended so that our support team has the installed version and the build of the server and UI at their fingertips.

Entry page of ScriptRunner Portal in Admin View

Entry page of ScriptRunner Portal in Admin View

What’s new in the Run App

In the Run App, the scope of functions has been enhanced so that, in addition to end users and helpdesk, it now also maps the behavior of the “Run” and “Delegate” buttons from the Admin App for the two administrator roles.

Administrators can use parameter sets and select target systems for execution even differently from the configuration. Additionally, PowerShell’s verbose option can be turned on specifically for any one execution.

Both in the tile view and in the list view, the functions “Edit Display Options”, “Show Reports” and “Edit Delegations” are now available for administrators.

The previously distributed display options under “Edit Display Options” have been redesigned and combined. They can now be configured centrally:

  • Icon of the action
  • Color of the action
  • Short description of the action in different languages.If the languages for Synopsis and Description are stored in the script with language indicators, these are automatically used. Another new feature is that changes in the script are applied immediately.
  • The long description with Markdown serves an extended description for the user. By using Markdown, texts can be displayed in bold and italics as well as in lists. It is also now possible to include URLs to provide users with additional sources and references in the action
Screenshot:

The “Edit Display” options have been redesigned and combined into one dialog

In the “Edit Delegations” function block at the respective action, the corresponding roles that are allowed to use the action can be assigned.

What’s new in the Reports App

The Reports App has been supplemented for the administrator roles in such a way that it corresponds to the dashboard and the “Function Reports” and dashboard of the Action Bar in the Admin App in terms of functionality.

An additional filter option has also been created via the “My Reports” and “All Reports” selection. The tiles can be used to quickly switch between successful and failed actions. The filters are applied to both the charts and the list positioned below them.

The list itself additionally allows the selection and comparison of any two reports in a comparison window with Diff-View, as well as the separate retrieval of HTML reports.

Screenshot: New report filter options in the report module of ScriptRunner Version 2020R3

New filter options have been added to the Reports App

Special possibilities arise in the filter overlay. Reports can be filtered by date, action, target system and script used or by user.

Screenshot: New Options in the filter overlay

Filters for date, action, target system, script and user have been added to the filter overlay of the Reports App

In the report details window, the PowerShell output, the scriptable result message and a generated HTML report can be accessed via tabs (even live during execution). The report details can be downloaded, copied to the clipboard or sent via “mailto:”.

Screenshot: Reports details dialog in ScriptRunner Version 2020R3

The new tab navigation in the reports detail window lets you toggle quickly between action report, result message and html-report

The new Authorize and Delegate App

This app combines the functions from the main menu item “Delegation” from the Admin App as well as a new wizard for creating roles and configuring memberships to the roles as well as delegation to these roles.

The overview page lists all the roles already configured based on the templates for Main Administrators, Administrators, Helpdesk and End Users.

Screenshot: The new Authorize and Delegate module in ScriptRunner Version 2020R3

The new Authorize and Delegate App for role and delegation management

To create a role, the newly developed wizard is used, which guides you through the individual steps. The steps differ depending on the selected role template.

Screenshot: Role configuration wizard in ScriptRunner Version 2020R3

The new role configuration wizard

For the role “Administrators” (of a team) the new function “Team Repository” can be configured additionally (further explanations will follow shortly).

The new Settings App

The Settings App displays the status of the licenses and the settings made on the server for the connectors.
Screenshot: Modul "Settings" in the Portal App

The new Settings App

Multi-Attribute-Queries for Azure AD and AD

Queries serve to improve interactivity by creating a selection option for the users of PowerShell scripts. Thus, users in the Portal can access users, groups, resources or other lists generated by queries as a selection list or by search. For the selected object, only the display name and an attribute passed to a script parameter were previously available. If several attributes of the same object were used in the script, cascaded queries had to be used until now.

As of ScriptRunner 2020R3, multi-attribute queries can now be used. An AD, Azure AD MS/Azure Graph query can therefore determine a large number of attributes with one query and pass them to the script.

Schematic representation of the principle of operation of multi-attribute queries in ScriptRunner 2020R3

How multi-attribute queries in ScriptRunner 2020R3 work

In ScriptRunner, attributes of the selected dataset are passed to the PowerShell process as an encoded JSON object. If a parameter of type [hashtable] has been defined in the script with the ScriptRunner splatting feature in the param block, the attribute values can be passed to the hashtable parameters in the main script. If a specific mapping of the attribute names from the JSON object to the parameter names of the hashtable is to be done, the ScriptRunner Alias feature can be used for this.

Param(
		[Parameter(HelpMessage=„ASRDisplay(Splatting)“)]
		[hashtable] $object,
		…
		[Parameter(HelpMessage=„ASRDisplay(Alias=l)“)]
		[string] $location
		…
)

$City = $object.location

The configuration of the query is done in the Parameter Values section. If “JSON object” was selected as the Value parameter, the attribute list can then be compiled.

For AD queries all AD attributes are allowed for the respective object. A minimal set is always applied as default. AD attributes can be determined with the AD attribute editor. It must be ensured that the names are correct.

If Azure AD queries are used, the procedure is equivalent. The available attributes can be found in the Azure AD documentation.

When testing the query in the Admin App, a test result set is determined. By mouse-over the encoded JSON string, the individual attributes of the object can be resolved and displayed.

Parameter-driven AD and Azure queries

Queries on objects in Active Directory, in Azure AA or via MS / Azure Graph previously had to be configured in such a way that they deliver a predefined result set for each call, from which the user can select elements.

The goal of our further development of parameter-driven queries was to enable greater flexibility. It is now possible to address different result sets with one query (e.g. users/groups of different departments or locations). In combination with multi-attribute queries and the splatting feature, the variety and number of queries can be reduced significantly.

The new functions allow to control the queries with input parameters. The input parameters can be supplied either by manual input or by selection from a previous query. In addition, default values can be determined in the configuration, which allows a query to be used as both a fixed and flexible query.

Schema Parameter-driven AD and Azure queries in ScriptRunner 2020R3

Parameter-driven AD and Azure queries in ScriptRunner 2020R3

From a user perspective, parameter-driven queries behave like other input forms. Thus, the user fills the input parameters in the form of the action manually or by selecting them from the results of another query. The query starts and uses the inputs as input values for the search and returns a different result set depending on the input values.

Example: Exchange resources

It becomes obvious on a use case with resources (rooms and equipment) in Exchange. The use case is to enable the management of both types of resource types in one ScriptRunner action.

First a script is needed, which contains the necessary parameters and then also the logic. Here we limit ourselves to the parameters and the query.

10-Snippet

The $Type parameter should be used as an input value in the query and should only accept the two values “room” and “equipment”. The $MailboxId and $Properties parameters are used to select the resource and set its properties.

In the configuration of the query “List of Exchange Resources” the settings “deactivated user” and the attribute filter “[msExchResourceDisplay]” are defined for the filter on Exchange resources in the Active Directory. In the Attribute value field the variable “%SRXQueryIn1%” is used. This is to control whether rooms or equipment will be available for selection in the result set.

11-Query

In the action configuration, you can now define how the query is to be used. It can be used as a fixed query for rooms or equipment or flexibly for both cases. This is done by presetting the $Type parameter.

The query “List of Exchnage Resources” is now assigned to the parameter $MailboxId. In addition, the $Type parameter must be assigned to the %SRXQueryIn1% input parameter.

12-Action

If the action is now run, the user first selects the resource type in the UI. After doing so, the parameter-driven query starts and can determine and display two different result sets in this example.

Improved Query Cache

The options for caching query results have been systematically expanded. The new caching mechanism primarily supports the handling of large dataset volumes and time-consuming queries. In particular, all types of scripted queries and multi-attribute queries on the AD and Azure AD benefit significantly from this.

The cached results allow portal users to search and quickly access up to 100,000 datasets with a very short interaction time. Both JSON objects and single parameters can be cached as a record.

Schematic representation of the improved query cache in ScriptRunner 2020R3.

Principle of the query cache in ScriptRunner 2020R3

To refresh the cache, two options are available as before: per-use automatic refresh or scheduled refresh.

Team Repositories for Scripts

If several admin teams work on one ScriptRunner instance, the role concept ensures that each team can only create, configure and use its own assets (credentials, targets, queries, actions). In addition, assets can also be available to all (public).

With script elements, this was different until now. These had to be manually assigned to the individual teams by a main administrator.

With version 2020R3 team repositories were introduced, in order to assign folders and scripts, which are synchronized and/or stored there, automatically to the respective team as owner.

So it is now also possible to sync to separate repositories from Git to the respective team’s repo.
ATTENTION: the root folders for the team repositories must be on the top level in the script library.

14-team-repositories

Multiple scripts can be assigned to a team via the Team Repository option

To set up the team folder function, the following steps must be taken in order:

  1. Create a root folder for the team repo as a subfolder of the script library root.
  2. Open Admin App (Delegation) or Portal (Authorize & Delegate)
  3. Activate Team Folder option and enter root folder name of team repository

Afterwards, new scripts can be added to this team repository, e.g. by synchronizing with a Git repository.

ATTENTION: if you use an existing folder with scripts as root folder, the ownership of these scripts will NOT be changed automatically to ensure that existing actions and configurations continue to work.
Please contact our support if you have any questions about switching to team repositories.

More Actions for End Users

With this release, licensing for end users has been expanded. Previously, only up to 10 assigned actions were available for each end user.

In order to cover requirements for more end user self-service, end user licenses are now also available in tiers for up to 20 and up to 30 actions per end-user.

Mixed operation is not possible, the extended license must be purchased for all end users. If the number of end users with more than 10 actions is limited, we recommend equipping these users with a help desk license as an alternative.

Advanced Support Function in the Portal

If the portal is used in the Main Administrator or Administrator role, you can contact our support directly in the portal. The version details of ScriptRunner will now be added automatically.

Setup without sample configuration

The unattended setup for ScriptRunner has been extended with the option to install without sample configuration. Thus, new installations and migrations of existing systems can be done without removing the samples for productive operation.

Other Improvements

ScriptRunner’s PowerShell host now uses the TLS 1.2 setting by default. This is especially significant for older Windows Server variants to enable compatible connections to M365 and higher Windows Server versions.

When configuring roles in ScriptRunner, groups and accounts can now be found in multi-trusted-forrest constellations.

The restrictions to use a specific one of the Az module have been removed.
Changes in the synopsis and description of a script are now also updated in the UI

ScriptRunner Mascot Jeff Scriptwalker

Explore ScriptRunner version 2020R3 live and in color

Book your free demo with product expert Heiko Brenn today and learn how ScriptRunner simplifies PowerShell management in your organization.
Request Demo

Related Posts

16 min read

How to Use Sensitivity Labels to Protect Information

7 min read

Read out OneDrive Storage – Act in Time

About the author: