Configuration Manager has an integrated ability to run PowerShell scripts. PowerShell has the benefit of creating sophisticated, automated scripts that are understood and shared with a larger community. The scripts simplify building custom tools to administer software and let you accomplish mundane tasks quickly, allowing you to get large jobs done more easily and more consistently. In version and earlier, Configuration Manager doesn't enable this optional feature by default.
You must enable this feature before using it. For more information, see Enable optional features from updates. With this integration in Configuration Manager, you can use the Run Scripts functionality to do the following things:. For more information about Configuration Manager security roles: Security scopes for run scripts Security roles for run scripts Fundamentals of role-based administration.
Be aware that when using parameters, it opens a surface area for potential PowerShell injection attack risk. There are various ways to mitigate and work around, such as using regular expressions to validate parameter input or using predefined parameters.
Common best practice is not to include secrets in your PowerShell scripts no passwords, etc. Learn more about PowerShell script security. Run Scripts uses the concept of script authors and script approvers as separate roles for implementation and execution of a script. Having the author and approver roles separated allows an important process check for the powerful tool that Run Scripts is. There's an additional script runners role that allows execution of scripts, but not creation or approval of scripts.
See Create security roles for scripts. By default, users can't approve a script they've authored. Because scripts are powerful, versatile, and potentially deployed to many devices, you can separate the roles between the person that authors the script and the person that approves the script. These roles give an additional level of security against running a script without oversight.
You're able to turn off secondary approval, for ease of testing. Scripts must be approved, by the script approver role, before they can be run. To approve a script:. As a best practice, you shouldn't allow a script author to approve their own scripts.
It should only be allowed in a lab setting. Carefully consider the potential impact of changing this setting in a production environment. The ScriptRunner Powershell Management platform consists of several software components.
The modular approach allows for great flexibility and makes ScriptRunner the all-in-one solution for fulfilling a variety of use cases in day to day IT administration. This is where the magic happens: ScriptRunner Server is the heart of the ScriptRunner software platform that centrally manages, controls, monitors, and logs all your PowerShell activities.
About ScriptRunner Server. ScriptRunner Portal is the user interface through which users can configure and interact with ScriptRunner Server, securely, comfortable and according to their user role, access level and skill. About ScriptRunner Portal. It has now been updated to work with the newly released version Skip to the main content. Skip to the secondary content. The software has easily cut our process time in half. We have been using Scrip Manager for almost a year and have had nothing but a positive experience.
Scrip Manager offers a free 30 day trial period. Simply sign up and fill out the form.
0コメント