How ScriptRunner works
ScriptRunner Server is the main component of the ScriptRunner software platform. It manages, controls, monitors, and logs all your PowerShell activities.
Versatile PowerShell scripts and an automatically generated web application guarantee satisfied users.
ScriptRunner Server centrally manages all resources you need for system administration and automation with PowerShell.
Per default, scripts and credentials are stored on the ScriptRunner Server, but it can also be configured to access resources in external repositories, like password servers or code repositories.
Centralization assures, that every user works with the same, up-to-date resources and thus increases reliability and quality.
A first standardization step is the programming of a task as PowerShell Script. This allows the execution of a task to be repeated.
For true reproducibility, the environmental conditions under which the script may be executed must also be standardized.
Actions in ScriptRunner also define all execution policies for the script. To execute a script, these guidelines are applied, the task is completely standardized and reproducible.
The possibility to delegate scripted tasks to end users is the major feature of the ScriptRunner software platform. It gives Sysadmins the freedom to hand over tasks, leaving them time for more important tasks.
But saving time is not the only advantage: Some tasks are simply better off in the specialist departments. So it’s not only admins who benefit from delegation, but also the end users, especially since the ScriptRunner Portal is designed with a special focus on usability and ease of use.
ScriptRunner Server also features the functionality for automated execution of PowerShell scripts. When creating a ScriptRunner Action, you can decide whether the Action should be triggered manually, e.g. by a help desk user, or automated.
In the first case, ScriptRunner automatically generates a graphical user interface, so that a user of the ScriptRunner Portal App can easily and comfortably run the Action per mouse-click.
In the second case you can choose a scheduled automation or an event-based automation and ScriptRunner Server will execute the Action accordingly.
ScriptRunner Server monitors and logs all PowerShell activities so you can always trace who executed which script in ScriptRunner and with which result.
By default, these reports are stored in an integrated circulation database, on the ScriptRunner Server, but with the Report/Audit DB Connector you can additionally transfer all information from Action reports to an external SQL database for long-term storage.
A ScriptRunner Action can be described as “PowerShell task kit”, consisting of
- Resources: PowerShell script, target system/s
- Rights context: administrative access rights, execution environment, user role
- Instructions: Execution policies, scheduling and automation options
Actions can be
- Automated: scheduled or event-based
- Delegated: to help desk, business users, other administrators
- Run manually: through the ScriptRunner Portal
Security and Control
Security is always a core issue when it comes to system administration and IT Operations. ScriptRunner follows Security-by-Design.
ScriptRunner addresses these concerns with a well-founded security concept: ScriptRunner uses different user roles to restrict or prevent direct, unhindered access to central resources. ScriptRunner Server acts as an execution proxy for controlling and executing PowerShell scripts.
Different administrator and user roles guarantee the minimum required access to resources, settings and actions in ScriptRunner.
All users, from administrators to end users, interact with ScriptRunner through the Web GUI of the ScriptRunner Portal App or Portal Widget as part of their own website.
Access to resources and the control to execute Actions is handled exclusively by ScriptRunner Server.
For the ScriptRunner Server, we recommend at least Windows Server 2016 with 2 cores, 8 GB RAM and 64 GB SSD storage and a fast network connection. For more information on system requirements, visit the ScriptRunner Guide on Installation & Update.
The Principle for Secure Delegation
ScriptRunner Actions can be securely delegated to other administrators, help desk or end users. In this way, modern multi-zone security concepts can be implemented at the same time. Users from help desk and departments work in a context without administrative rights. Only assigned Actions are available to them for execution. Direct access to the systems in the infrastructure is effectively prevented.
If an Action is called, ScriptRunner Server starts the associated PowerShell script as an administrative deputy on the basis of the stored guidelines. The script is executed on the target system with the stored system rights. The execution log and the results are stored centrally.
Administrators and users can access the reports and get informed.