System Requirements

ScriptRunner Server

  • Virtual Machine
  • minimum 2 Core
  • minimum 8 GB RAM
  • minimum 64 GB Disk (SSD)
  • Windows Server 2019, Windows Server 2016, Windows Server 2012, integrated in AD domain
  • .NET Framework 4.6 or higher
  • Installed roles and features: Internet Information Server (minimal standard), PowerShell 5.1
  • Server or domain certificate for SSL
  • Installed PowerShell modules:
    • for Active Directory
    • optional for VMware the PowerCLI
    • optional for O365 and Azure corresponding PowerShell modules from Microsoft
  • Optional: Git for Windows (newest version) for synchronization of repositories in GitHub, GitLab, Bitbucket or similar.

Admin Clients

  • Supported browsers: Chrome, Edge, Firefox, Opera; IE11 with limitations
  • PowerShell ISE or Visual Studio code

Other Clients

  • Supported browsers: Chrome, Edge, Firefox, Opera; IE11 with limitations
Yes No Suggest edit

Protocols used with ScriptRunner

Browser and Web Server

All browser apps are single page applications. The application is loaded from a web server (default IIS) with the installed web apps via http or https. The port settings result from the configuration of the Web Server. By default, httpPort 80 and httpsPort 443 are used. User authentication on the Web server is not required.

Browser Apps and ScriptRunner Server

When the browser app is loaded from the web server, it contacts the REST Web Service Endpoint (URI) of the ScriptRunner Server. Communication takes place via http or https. By default, 8091 is used for http or httpsPort. A different port can be specified for this. If the Web Server is on the same machine as the ScriptRunner Server, port 80 or 443 cannot be used. The settings for the ScriptRunner Server are made in Setups or with the ScriptRunnerSettings PowerShell module. The settings for the browser apps are made in the Web Apps setup or manually afterwards via the configuration file URI.JS on the Web server.

PowerShell ISE App and ScriptRunner Server

If the ISE was installed on an Administrator client and started in the PowerShell ISE, it can be used to directly access the Script Repository on the ScriptRunner Server. The communication to the REST Web Service Endpoint (URI) of the ScriptRunner Server. By default, 8091 is used for http or httpsPort. The settings for the ISE Apps are done in the Team Apps Setup.

Third party system and ScriptRunner Server

Third party systems such as Monitoring, ITSM, Worfklows or from specialized applications can control actions on the ScriptRunner Server. The communication takes place via REST Web Service Endpoint (URI) of the ScriptRunner Server. By default, 8091 is used for http or httpsPort. The settings for this depend on the settings on the ScriptRunner Server.

ScriptRunner Server and Email Connectors

ScriptRunner can both send notification email and process inbound email for automation. E-mail notifications use direct communication via SMTP protocol with or without TLS as well as anonymous or with authentication. To process inbound e-mails, the ScriptRunner Server accesses an assigned mailbox using theIMAP protocol.

ScriptRunner Server and SQL Server Connector

With a Report/Audit database the PowerShell reports of ScriptRunner Server can be stored in SQL Server. The communication takes place via the standard ports of SQL Server. Please refer to the Microsoft product documentation for information.

ScriptRunner Server and Password Server Connector

With ScriptRunner server-based password safes can be used. The communication with a password server depends on the manufacturer and usually takes place via a REST Web Service Endpoint (URI) andPort 443. Please refer to the respective product documentation of the manufacturer for further information.

Manual, Protocols, ScriptRunner

Protocol Overview for ScriptRunner communication

ScriptRunner Server and PowerShell Remoting

ScriptRunner Server controls the execution of scripts even on remote target systems. Communication takes place via the WSMAN protocol. By default, Windows uses port 5985 for this purpose within familiar domains. This is secured within the domains. For communication with external, unfamiliar domains, SSL should also be activated. In this case, Windows uses port 5986. Please refer to the Microsoft product documentation for information.

When using ScriptRunner Scripted Queries for remote queries, the WSMAN protocol is also used.

ScriptRunner Server and Active Directory

Scripts can be executed locally and on remote target systems with ScriptRunner Server. If a script with commands from the Active Directory PowerShell module is remotely executed on an AD controller, communication takes place via PowerShell Remoting. If however the local execution is used, the commands of the Active Directory module are used on the ScriptRunner Server. The local module then takes over the communication to the AD via the standard protocols Kerberos (authentication), LDAP and ADWS. Please refer to the Microsoft product documentation for information.

When using ScriptRunner AD Queries the standard protocol LDAP is also used.

ScriptRunner Server and Exchange/Skype Server (on prem)

With ScriptRunner Server scripts on Exchange Server and Skype infrastructures can be executed on-prem by implicit remoting. It connects to the Exchange PowerShell Endpoint or Skype PowerShell Endpoint (URI), creates a session, and imports it to ScriptRunner Server. Communication is then encrypted via port 80 (default on the Exchange server) or via port 443. Please refer to the Microsoft product documentation for more information.

ScriptRunner Server and Office 365/AzureRM

With ScriptRunner Server, scripts for managing Office 365 and Azure resources can be processed locally. This requires that the appropriate PowerShell modules for AzureAD, Exchange Online, SharePoint Online, Skype Online, and Azure RM are installed on ScriptRunner Server. The connection to the respective PowerShell Management endpoint is established through ScriptRunner. Communication is encrypted via port 443. Please refer to the Microsoft product documentation for information.

ScriptRunner Server and VMware

ScriptRunner Server allows scripts to be executed locally and on remote target systems. If a script with PowerCLI commands is remotely executed on a VMware Management Server, communication takes place via PowerShell Remoting. If however the local execution of the PowerCLI is used, the commands of the module are used on the ScriptRunner Server. The local PowerCLI module then communicates with VMware via the standard VMware protocols. Please refer to VMware product documentation for information.

Yes No Suggest edit

Prepare to install

Before you install ScriptRunner Server and the apps, you need to make some preparations:

  • Deploying a virtual machine with Windows Server operating system installed
  • Providing a certificate for the ScriptRunner Server
  • Installing and Setting Up a Web Server
  • Setting up the PowerShell on the ScriptRunner Server
  • Setting up groups and users in Active Directory
Yes No Suggest edit

Deploy an VM for ScriptRunner Server

You can use a virtual machine in VMware or Hyper-V for ScriptRunner Server. Make sure that the system requirements are met. Install the Windows Server operating system and include the server as a member in a domain. Please also refer to the notes in the “Planning” manual.

NOTE

If possible, use the server exclusively for ScriptRunner and not for a number of other functions. This is the only way to eliminate unwanted side effects, ensure uncomplicated maintenance and ensure the stability of the automation platform during operation.

Yes No Suggest edit

Set up roles and features on ScriptRunner Server

By default, Web Server and ScriptRunner Server runs on same machine. In this case, install the Web Server (IIS) server role in the default default configuration on the machine. No additional Web Server features beyond the default settings are required.

Manual, Installation, Web Server, ScriptRunner

Web server role (IIS) on ScriptRunner Server

If you are deploying the Web server role using a role or server template, check that the Web server’s static content feature is enabled. If possible, remove all installed features for web development and ASP.NET applications.

Install the Feature Remote Server Management Tools -> Role Management Tools -> AD DS and AD LDS Tools -> Active Directory Module for Windows PowerShell.

Manual, PowerShell, Active Directory

Feature AD PowerShell module on ScriptRunner Server

Check the Windows PowerShell feature. Select Windows PowerShell 5.1 or later. Always disable PowerShell 2.0.

If you experience problems and troubleshoot communication connections, we recommend that you reinstall the feature Telnet client.

For installation and configuration, use the Server Manager of the operating system or appropriate PowerShell commands.

Yes No Suggest edit

PowerShell Settings

First check whether the WSMAN service (Windows Remote Management) is running on the ScriptRunner Server. You should then check the PowerShell settings.

On the ScriptRunner Server, open the PowerShell as an administrator and type the following commands:

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.14393.2515
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.2515
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

> Get-ExecutionPolicy -List

Scope ExecutionPolicy
----- ---------------
MachinePolicy       Undefined
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine       RemoteSigned

The setting for LocalMachine should be set to RemoteSigned. This setting is default in trusted domains.

You can use the following command to set the PowerShell and its local firewall rules:

> winrm -quickconfig

Alternatively, you can make the settings separately:

>
> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine 
> Enable-PSRemoting -Force
Yes No Suggest edit

Configure Roles, Users & Groups

ScriptRunner consequently separates the users in different roles completely from the administrative authorization to execute scripts on the target system. ScriptRunner implements a security-by-design philosophy in which the ScriptRunner Server acts as a proxy for the control and execution of the PowerShell scripts (Execution Proxy). A direct access of administrators and users to central resources can thus be effectively prevented or restricted for administrators.

User roles in the ScriptRunner apps

Security groups in the Active Directory are used for the proper functioning of the various application roles in ScriptRunner. Security groups are required for:

  • ScriptRunner Main-Administrators. Create a safety group for this in the AD. Naming can be based on its specific naming conventions. Include in this group all administrator accounts that should access ALL items with the Admin Web App and the PowerShell ISE App. Accounts in this group will also have access to the Delegate Web App and will also see all items there.
  • ScriptRunner Administrators (Team or tenant). Create a safety group per team or tenant for this in your AD. Include in this group all administrator accounts of ONE team or tenant that should access items for the admin team using the Admin Web App and the PowerShell ISE App. Accounts in this group also have access with the Delegate Web App and will only see the elements assigned to the team.
  • ScriptRunner Service Desk Users. Create one or more security groups for users in the service desk or other IT teams. Include in this group all user accounts that are allowed to use delegated actions in ScriptRunner with the Delegate Web App.
  • ScriptRunner Self-Service End Users. Create one or more security groups for self-service users in the AD. Include in this group all user accounts that are allowed to use delegated actions in ScriptRunner with the Self-Service Web App.

NOTE

If a user account is assigned to several groups, all actions to these groups are displayed cumulatively to the user of the Delegate App.

Administrator role on the ScriptRunner Server

ScriptRunner Server is a central system and due to its role and function it is subject to a high security requirement. For this reason, limit the possibility of interactive login directly or via Remote Desktop to a few administrators. To do this, use a separate group in the AD.

Administrators with access rights at the operating system level of ScriptRunner Server can make all settings with the ScriptRunnerSettings PowerShell module and have access to all files and directories of ScriptRunner Server.

Administrative accounts for the execution of scripts

For the execution of PowerShell scripts on the corresponding target systems, corresponding credentials are required. It is recommended not to use personal administrative accounts for this, but to use technical accounts. Therefore, create different technical accounts for ScriptRunner in the domain of the target systems, e.g. separately for different systems like AD, Exchange, VMware etc. and assign the necessary rights to these accounts.

NOTE

ScriptRunner can run scripts in different domains regardless of a trust position. Plus, you can manage cloud services in O365, Azure, AWS and Google Cloud with PowerShell.

Yes No Suggest edit

Installing ScriptRunner Server

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

This step installs all ScriptRunner Server features, the ScriptRunnerSettings PowerShell module, and a set of Windows performance counters.

TIP

Before installing ScriptRunner Server, take a snapshot of the VM you want to install on.

First copy the ZIP file with the setup files on the server and unpack them. Then run the SetupScriptRunnerService_version.EXE file.

Manual, Installation, ScriptRunner Server

Start screen of the ScriptRunner Server setup.

On the ScriptRunner Service Configuration page, you can specify the port for the ScriptRunner Server REST Web Service Endpoint. By default, port 8091 is proposed. If you specify a different port, you should ensure that appropriate firewall settings are made in the infrastructure. See also Protocols and Communication.

ScriptRunner REST web service port configuration

NOTE

The web service port is used by:

  • ScriptRunner Web Apps, PowerShell ISE App
  • ScriptRunner Web Service Connector
  • Third party system integrations using REST

 

On the ScriptRunner Service Administrators Configuration page, specify the AD group for the ScriptRunner Main-Administrators role. To do this, enter the name of the AD group in the field that you have created. Press the Verify button. The security claim for this group is then displayed.

Setting the AD group for the ScriptRunner administrator role

TIP

If an error occurs, either the connection of the ScriptRunner Server to the Active Directory is interrupted or the AD group is not yet known in the cache of the machine (new login required).

NOTE

The members of this group have the highest administrative rights in the ScriptRunner Admin App.

On the PowerShell Remoting page, the setting for local PowerShell loopback remoting is made as a mode for local script execution. The default setting is ON.

Manual, Installation, PowerShell Remoting, ScriptRunner

PowerShell Loopback Loopback Remoting Settings

NOTE

If an error occurs, check the PowerShell Group Policy for the server or domain. All systems that are to use PowerShell for administration require appropriate remoting settings. For details, see the Microsoft documentation.

After installation

If errors occur during installation, check the setup log in C:\Program Files\ScriptRunner\Service\.

Then check the newly installed “ScriptRunner Service” in the Service Control Panel. This must be set to ‘Start automatically’ and started.

Then, open the PowerShell console as the administrator and use the ScriptRunnerSettings PowerShell module. Enter the following commands:

>
> get-command -modul ScriptRunnerSettings
> get-asrservice 
> get-asrsettings 
> get-asrlicense

NOTE

Before you can use the ScriptRunnerSettings PowerShell module for the first time, you must log on again because only then does the path environment variable

take effect.

If you want to switch to HTTPS

If you want to use ScriptRunner Web Apps with HTTPS, you have to setting up both, the Web Server and the ScriptRunner web service endpoint to HTTPS.

Yes No Suggest edit

Installing ScriptRunner Web Apps on Web Server (IIS)

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

With this installation all functions of ScriptRunner Web Apps are installed on the Web Server.

NOTE

The Web Server is used exclusively for the central distribution of Web Apps files to the browser via http or https. The respective web app in the browser communicates directly with the web service endpoint of ScriptRunner Server via http or https and port 8091 (default). See also Protocols and Communication.

TIP

Before installing ScriptRunner Web Apps, take a snapshot of the VM you want to install on.

First copy the ZIP file with the setup files on the server and unpack them. Then run the SetupScriptRunnerWebApps_version.EXE file.

Manual, ScriptRunner Web Apps, Setup

Start screen of the ScriptRunner Web Apps setup.

On the Page Choose Install Location you define the physical directory for the Web Apps files. In the Web Server, some of the subdirectories are configured as virtual directories during setup.

Manual, ScriptRunner Web Apps, Setup, File location

ScriptRunner Web Apps file location

 

On the Choose Components page, you specify the components to be installed. By default, an installation on an IIS is assumed. However, you can also install the Web Apps files on another Web server manually.

Manual, ScriptRunner Web Apps, Setup, Components

ScripRunner Web Apps components

 

TIP

If you want to use an other web server than IIS, unpack the files with the setup into a directory structure and copy them to the web server. Then set up two virtual directories ‘admin‘ for the directory ./AdminApp/ , ‘delegate‘ for the directory ./DelegateApp/ and ‘selfservice’ for the directory ./SelfServiceApp/ in the web server. Then check the file URI.JS in the respective directory and, if necessary, adapt the URI contained there to theFQDN of the ScriptRunner Server.

On the ScriptRunner Service Endpoint page, you define the URI for the ScriptRunner Web Apps. Enter the FQDN of the ScriptRunner Server. The port depends on the settings during the installation of the ScriptRunner Server. By default, port 8091 is used. If ScriptRunner Server and Web Server are already switched to HTTPS, enable the option ‘use SSL (https)‘.

Manual, ScriptRunner Web Apps, URIScriptRunner Service Endpoint (URI) for Web Apps

After installation

If errors occur during installation, check the setup log in C:\Program Files\ScriptRunner\WebApps\.

You can check the installation of the Web Apps in the Web Server (IIS) using the IIS Manager application. To do this, start the IIS Manager and check:

  • the installed virtual directories
  • the ScriptRunner Application Pool
Manual, ScriptRunner Web Apps, Web Site

ScriptRunner Web Site with virtual folders

The virtual directories ‘admin‘, ‘delegate‘ and ‘selfservice’ must be configured under a main directory ScriptRunner in the Default Web Site. You can now call the following URLs in one of the recommended browsers:

  • http://fqdn-scriptrunner-server/ScriptRunner/admin -> the Admin Web App will be downloaded
  • http://fqdn-scriptrunner-server/ScriptRunner/delegate-> the Delegate Web App is loaded
  • http://fqdn-scriptrunner-server/ScriptRunner/selfservice -> the SelfService Web App is loaded
Manual, ScriptRunner Web Apps, App Pool, IIS

IIS Application Pool for ScriptRunner Web Apps

 

If you want to switch to HTTPS

If you want to use ScriptRunner Web Apps with HTTPS, you must setting up both, the Web Server and the ScriptRunner web service endpoint to HTTPS .

Yes No Suggest edit

Web App in your corporate design

You can adapt the Delegate Web App and the SelfService Web App for your users to the corporate design of your company. The adjustment affects three properties of the two Web Apps:

  • the start screen when calling the Web App
  • the logo in the top left corner of the Top-Bar of the Web App
  • the color of the top bar in the web app
Manual, ScriptRunner Web App, Customizing

Customized ScriptRunner Web App

 

If the IIS is used with the standard installation, these are in:

  • C:\Program Files\ScriptRunner\WebApps\DelegateApp\custom
  • C:\Program Files\ScriptRunner\WebApps\SelfServiceApp\custom

Settings in these directories will be preserved for future updates.

First you should save two image files in PNG format in the directory:

  • the logo file as ‘custom_headerlogo.png’ with a max. height of 30px
  • the start screen file as ‘custom_splashscreen.png’ with a max. width of 530 px

Then edit the file customstyle.css. Remove the end comment character ‘*/’ after the background color value. Enter the color value for the background as the name, e.g. green or hex value, e.g. #a1cc1f.

Then use IISReset to restart the Web server. Now you can use the Delegate Web App and the SelfService Web App in your company’s CD.

NOTE

Please note that the color value for the background color is not too bright, because some elements in the top bar are set to the color ‘white’.

Yes No Suggest edit

Installing ScriptRunner PowerShell ISE App

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

During this installation all functions of ScriptRunner PowerShell ISE App as well as the PowerShell module ISEScriptRunner are installed on the Admin Client.

NOTE

ScriptRunner PowerShell ISE App is a functional extension for the PowerShell ISE and is included as an add-on. The ISE App displays all scripts on the ScriptRunner repository and allows the following functions for them:

  • View – Loads a PowerShell script from the ScriptRunner Server repository and displays it in the ISE editor. The script cannot be changed.
  • CheckOut – Check out a PowerShell script from the ScriptRunner Server repository and display it in the ISE Editor. The script can now be changed.
  • CheckIn – Check in a modified PowerShell script to the ScriptRunner Server repository. A version history and a script file version are saved on the ScriptRunner server.
  • Revert – Undoing changes to the script BEFORE checking it in

The PowerShell ISE App is exclusively intended to be installed on Admin Clients. To use the PowerShell ISE App, the user account must be in the ScriptRunner Administrators or ScriptRunner Team Administrators role.

First copy the ZIP file with the setup files on the server and unpack them. Then, run the SetupScriptRunnerTeam Apps_version.EXE file.

Manual, ScriptRunner Team Apps, Setup

Start screen of the ScriptRunner Team Apps setup

On the Page Choose Components select only ‘ScriptRunner ISE add-on‘. Deselect the other two Team Apps!

Manual, ScriptRunner Team Apps, Select

Select the ScriptRunner Team App to install

On the ScriptRunner Service Endpoint page, specify the URI for the PowerShell ISE App. Enter the FQDN of the ScriptRunner Server. The port depends on the settings during the installation of the ScriptRunner Server. By default, port 8091 is used. If ScriptRunner Server and Web Server are already switched to HTTPS, enable the option ‘use SSL (https)‘.

Manual, ScriptRunner Team Apps, URI

ScriptRunner Service Endpoint (URI) for ISE App

NOTE

The ScriptRunner PowerShell ISE App does NOT communicate with the ScriptRunner Server via a file share, but via REST Web Service protocol.

After installation

If errors occur during installation, check the setup log in the C:\Program Files\ScriptRunner\TeamApps.

On the Admin Client, start the PowerShell ISE as an administrator. Enter the following commands:

>
> Get-Command -module ISEScriptRunner 

# ISE App starten 
> Start-ISEScriptRunner 

# Auto-Start the ISE App 
> Enable-ISEScriptRunner 

# Disable Auto-Start
> Disable-ISEScriptRunner
Manual, ScriptRunner Team Apps, ISE App

ScriptRunner PowerShell ISE App (here in checkin process)

 

If you want to switch to HTTPS

If you want to use ScriptRunner Web Apps with HTTPS, you must setting both, the Web Server and the ScriptRunner service endpoint to HTTPS.

Yes No Suggest edit

Optional: Installing ScriptRunner Team Apps

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

With this installation all functions of ScriptRunner Team Apps are installed on a Client or the ScriptRunner Server.

NOTE

ScriptRunner Team Apps are code identical to the ScriptRunner Web Apps. They are NOT loaded from the web server but start the JavaScript application from a local directory. The Team Apps currently use the IE11 kernel as their runtime environment. Therefore all IE11 settings also affect the function of the Team Apps.

TIP

Use the ScriptRunner Web Apps. These can be accessed via browsers in the intranet and can be updated centrally. So you can dispense with packaging and software distribution.

Install the ScriptRunner Admin App only as “emergency entry” on ScriptRunner Server. So you can access the functions of ScriptRunner Server as administrator at any time, even when the Web Server is down.

First copy the ZIP file with the setup files on the server and unpack them. Then, run the SetupScriptRunnerTeam Apps_version.EXE file.

Manual, ScriptRunner Team Apps, Setup

Start screen of the ScriptRunner Team Apps setup

On the Choose Components page, select only the apps you want to install. On ScriptRunner Server select only the Admin App!

Manual, ScriptRunner Team Apps, Select

Select the ScriptRunner Team App to install

On the ScriptRunner Service Endpoint page , specify the URI for the ScriptRunner Team Apps. For the installation of the Admin App on the ScriptRunner Server enter localhost. On all other clients on which you want to use ScriptRunner Team Apps, enter the FQDN of the ScriptRunner Server. The port depends on the settings during the installation of the ScriptRunner Server. By default, port 8091 is used. If ScriptRunner Server and Web Server are already switched to HTTPS, enable the optionuse SSL (https).

Manual, ScriptRunner Team Apps, URI

ScriptRunner Service Endpoint (URI) for ISE App

After Installation

If errors occur during installation, check the setup log in the C:\Program Files\ScriptRunner\TeamApps\.

Start the corresponding app on your computer. This automatically connects to the specified ScriptRunner service endpoint.

If you want to switch to HTTPS

If you want to use ScriptRunner Team Apps with HTTPS, you have to setting up both, the Web Server and the ScriptRunner service endpoint to HTTPS.

Yes No Suggest edit

Configuring HTTPS

Before you convert to HTTPS, you should make some basic considerations as to which activities are to be performed in this context:

  • Provision of certificates
  • Convert Web Server
  • Convert ScriptRunner Server
  • Customizing the ScriptRunner Web Apps configuration
  • optional: customize the ScriptRunner ISE App and Team Apps configuration
  • if necessary adjust browser settings

NOTE

The conversion to HTTPS must be done on the Web Server as well as on ScriptRunner Server and the apps. Mixed operation of HTTP and HTTPS is not possible. The parallel operation of HTTP and HTTPS can only be set with specific settings for necessary exceptions.

TIP

Use HTTPS only for secure communication between ScriptRunner Apps, Web Server and ScriptRunner Server.

For the setup of HTTPS on ScriptRunner Server and Web Server you need a valid certificate. You create this in the certificate infrastructure.

Configure HTTPS on the Web Server

Open the Microsoft Management Console (MMC) and load the certificate management module. Import the certificate or chain of certificates into the Personal Store of the local computer.

Manual, ScriptRunner, HTTPS, Certificate

Importing the certificate into the personal store of the local machine

After you have successfully imported the certificate, you can now configure the bindings in the Web server. Open the IIS Manager and select the web site where the ScriptRunner Web Apps have been installed. Open the Bindings configuration and create an HTTPS binding with the assignment of the imported certificate.

Manual, ScriptRunner, Web Server, HTTPS

Configure HTTPS bindings on Web Server

NOTE

No authentication is required to load the ScriptRunner Web Apps. Therefore, the authentication setting should allow anonymous access to the Web site. The user authentication and role assignment is done on the ScriptRunner Server.

Configuring HTTPS for the ScriptRunner Web Apps

The conversion of the ScriptRunner Web Apps can be done in two different ways:

  • Rerun the ScriptRunner Web Apps Setup; this is the recommended method
  • Manual customization of ScriptRunner Web Apps Configuration Files

If you run the Web Apps setup again, follow the instructions. On the ScriptRunner Service Endpoint page, you define the URI for the Web apps. Enter theFQDN of the ScriptRunner Server. The port depends on the settings during the installation of the ScriptRunner Server. By default, port 8091 is used. To switch the Web server to HTTPS, activate the optionuse SSL (https).

Manual, ScriptRunner Setup, Web Apps, SSL

Reconfigure the ScriptRunner Web Apps for SSL

If you want to manually configure the ScriptRunner Web Apps for HTTPS, you have to change three configuration files in the physical file path of the apps. By default, these files are stored in C:\Program Files (x86)\AppSphere\ScriptRunner\WebApps in the appropriate subdirectories.

  • . \AdminApp\uri.js for the Admin Web App
  • .\DelegateApp\uri.js for the Delegate Web App
  • .\SelfServiceApp\uri.js for the Self-Service Web App

Open the respective uri.js file as administrator in an editor. Adjust the following line:

ScriptRunner.baseuri = 'https://fqdn_scriptrunner_server:8091/ScriptRunner';

The port depends on the settings for the installing the ScriptRunner Server. By default, thePort 8091 is used.

After the HTTPS migration for Web Server and Web Apps

Restart the Web Server by running IISReset on the console.

Then open one of the recommended browsers on a client and enter the URL https://fqdn_server/. The IIS standard page should appear. Then you can test the ScriptRunner Web Apps URLs. The respective Web App is loaded, but cannot yet reach the ScriptRunner Service Endpoint (URI). Therefore you should now switch the ScriptRunner Server and the ScriptRunner Web Apps to HTTPS.

Configuring HTTPS on the ScriptRunner Server

After the Web Server and the ScriptRunner Web Apps have been converted to HTTPS, the ScriptRunner Service EndPoint must now be converted to HTTPS. For this you need the thumbprint of the certificate. To avoid errors, read the thumbprint using the PowerShell command below and copy the matching ‘thumbprint_hex’ value in the console.

On the ScriptRunner Server, open the PowerShell as administrator and enter the following commands:

> 
> Get-ASRURI 
>
> # List of Certificates
> Get-ChildItem Cert:\LocalMachine\My
> 
> # Thumprint of Certificate
> Get-ChildItem Cert:\LocalMachine\My\'thumprint_hex'
>
> Set-ASRURI -SSLCertThumbprint 'thumbprint_hex' -SSLEnable -Restart 
> Get-ASRURI

You can disable SSL on the ScriptRunner service endpoint by typing the following command:

> Set-ASRURI -SSLCertThumbprint 'thumbprint_hex' -SSLDisable -Restart

To activate a renewed certificate, enter the following command:

> Set-ASRURI -SSLThumbprint 'thumbprint_hex' -SSLReplaceExisting -SSLEnable -Restart

After the HTTPS conversion of ScriptRunner Server

Open one of the recommended browsers on a client and enter the URL https://fqdn_server/scriptrunner/admin. The Admin Web App is loaded from the Web Server and connects to the ScriptRunner Service Endpoint.

NOTE

If an error occurs, please check the error message in the start screen. An ‘access denied’ indicates that the user account is not authorized in ScriptRunner or that the number of licenses has been exceeded. The message ‘request failed’ indicates that the Endpoint service is not available. Check whether the ScriptRunner service is running and whether the configuration files uri.js of the respective ScriptRunner Web App are configured on HTTPS as described above.

Configure HTTPS for the ScriptRunner ISE App and Team Apps

For the conversion of the ScriptRunner PowerShell ISE App or the ScriptRunner Team Apps, please run the Team Apps Setup again and follow the instructions. On the ScriptRunner Service Endpoint page, you define the URI for the apps. Enter theFQDN of the ScriptRunner Server. The port depends on the settings during the installation of the ScriptRunner Server. By default, port 8091 is used. To switch the apps to HTTPS, enable the optionuse SSL (https).

Manual, ScriptRunner Team Apps, Setup, SSL

Reconfigure the ScriptRunner ISE and Team Apps for SSL

After the HTTPS conversion of ScriptRunner Team Apps

Start the appropriate app. The ScriptRunner ISE App or the corresponding Team App will automatically connect to the ScriptRunner Service Endpoint.

NOTE

If an error occurs, please check the error message in the start screen. An ‘access denied’ indicates that the user account is not authorized in ScriptRunner or that the number of licenses has been exceeded. The message ‘request failed’ indicates that the Endpoint service is not available. Check if the ScriptRunner service is running and if you have run the Team Apps Setup with the SSL option.

Yes No Suggest edit

Backup and Restoring ScriptRunner Server

You should back up ScriptRunner regularly to ensure a quick recovery of your system in case of doubt. Of particular importance are all configuration settings and the PowerShell Reports. All this information can be found on Drive:\ProgramData\ScriptRunner\ on your ScriptRunner Server.

You can choose the following options for regular backup:

  • Snapshot of the ScriptRunner Server VM
  • Windows Backup
  • Third-party backup software

Manual Backup

Use the following procedure for manual backup:

  1. First, check whether PowerShell processes of running actions are still active on the ScriptRunner Server. In the Task Manager, check processes named SRXPSHost.exe and Windows PowerShell and Windows PowerShell ISE. Also check to PowerShell processes of other programs and users.
  2. Open the Service Panel and stops the  AppSphere ScriptRunner Service service to manually backup.
  3. Save the complete directory Drive:\ProgramData\ScriptRunner\.
  4. Save the Script Library folder if you have changed the default settings. You can view your settings in the Admin Web App under the main menu Settings and Script Library.
  5. If changes were made to the respective ScriptRunner Web App configuration files URI.JS  under Drive:\Program Files\ScriptRunner\WebApps\AdminApp, .\DelegateApp\ and .\SelfServiceApp, save these configuration files and the \custom\ subfolders as well.

Restore an installation manually

To fully restore an installation manually, you need the setups of the last installed version and a backup copy of the configuration and the Script Library.

Use the following procedure for manual recovery:

  1. Install the ScriptRunner Server
  2. Install the ScriptRunner Web Apps
  3. Set up HTTPS for the Web Server and for ScriptRunner Server
  4. Test the functions
  5. Stop the ScriptRunner Service
  6. Copy or Move the complete directory Drive:\ProgramData\ScriptRunner\ from the new installation to another location
  7. Copy the saved directory Drive:\ProgramData\ScriptRunner\ from the backup to Drive:\ProgramData\ScriptRunner\ on the ScriptRunner Server
  8. If changes were made to the respective ScriptRunner Web App configuration files URI.JS under Drive:\Program Files\ScriptRunner\WebApps\AdminApp, .\DelegateApp\ and .\SelfServiceApp\, copy them from the backup to the system as well as the \custom\ subfolders.
  9. Restart the server
  10. Configure the settings of ScriptRunner Server and the connectors with the ScriptRunnerSettings PowerShell module
  11. You can then start the Admin Web App in the browser and check whether all elements and reports are available again.

Manual porting to another VM

You can use the procedure described above to port a ScriptRunner Server installation to another VM. Be careful and make sure that you have made system settings on the previous VM (networks, accesses, firewalls) on the previous operating system (domain, DNS, local firewall, PowerShell) and on ScriptRunner Server.

NOTE

You need a new license activation for the new ScriptRunner Server! Therefore, please inform us about your project before porting and request a new key.

The ScriptRunner versions on the previous system and on the new server must be identical !

DO NOT copy the directory the subdirectory Drive:\ProgramData\ScriptRunner\Service\License\ to the new server!

Yes No Suggest edit

Software Updates

Information about Software Updates

Contact persons of our customers are regularly informed by e-mail about each released software version and about fix releases. The e-mail contains information on the build number of the software as well as information on innovations, fixes and special features and access to the download of the software.

The current version number and access to the download can be found on our Support Web Site.

Preparations for the update

Before you start the update, you should make some preparations to ensure a quick recovery of your system in case of doubt.

  1. Create a snapshot of the ScriptRunner Server VM
  2. To save the configuration, stops the ScriptRunner service. Before stopping the service, verify that PowerShell processes of running actions are still active on the host by checking processes named SRXPSHost.exe in the Task Manager. Also pay attention to PowerShell processes of other programs and users.
  3. Backup the complete directory C:\ProgramData\ScriptRunner\.
  4. Save the Script Library folder if you have changed the default settings. You can view your settings in the Admin Web App under the Main Menu Settings and Script Library.
  5. For a recovery, make sure that you have access to the installation files of the installed version.
  6. If changes were made to the respective ScriptRunner Web App configuration files URI.JS under C:\Program Files\ScriptRunner\WebApps\AdminApp\, .\DelegateApp\ and .\SelfServiceApp\, save these configuration files as well.

Before you start

Please make sure that you have carried out the preparations as described above.

  1. Log on to the ScriptRunner Server with the rights to install the software.
  2. Stop all PowerShell processes on the host, including PowerShell sessions that are not controlled by ScriptRunner.
  3. Check that the ScriptRunner service is running.
  4. Make sure that the ScriptRunner Server VM is not interrupted by automatic or manual restarts during the update.

Sequence for the software update

Always update all components of the installation. The version of the ScriptRunner Web Apps and the ScriptRunner Team Apps must always correspond to the version of ScriptRunner Server. Therefore, keep to the order of the individual updates:

  1. Read carefully the Readme in the ZIP file with the Setups
  2. Updating the ScriptRunner service
  3. Updating the ScriptRunner Web Apps
  4. Updating the ScriptRunner ISE App and the Team Apps
  5. If you are using the SQL Report/Audit Connector, it may be necessary to update the tables in the SQL Server.

NOTE

The basic technical procedure is the same for all updates. First the setup of the existing version is started and all program files are uninstalled. Then the setup of the new version starts and installs the new program files. All settings are retained.

Yes No Suggest edit

Updating ScriptRunner Server

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

This update replaces all functions of ScriptRunner Server, the ScriptRunnerSettings PowerShell module and the Windows Performance Counters with a new version.

Now execute the file SetupScriptRunnerService_new-version.EXE. It starts the setup of the installed version in uninstall mode for the program files. Follow the instructions. After the deinstallation is finished, the installation program of the new version starts automatically. Follow the installation instructions.

NOTE

The ScriptRunner Server Update will first remove the old binaries in C:\Program Files(x86)\AppSphere\ completely. The configuration files in C:\Program Files(x86)\AppSphere\ are completely preserved.

Yes No Suggest edit

Updating ScriptRunner Web Apps on Web Server

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

This update replaces all features of ScriptRunner Web Apps on the Web Server.

Now execute the file SetupScriptRunnerWebApps_new-version.EXE. It starts the setup of the installed version in uninstall mode for the program files. Follow the instructions. After the deinstallation is finished, the installation program of the new version starts automatically. Follow the installation instructions.

NOTE

The ScriptRunner Web Apps Update will first remove the old binaries in C:\Program Files(x86)\AppSphere\WebApps\completely. The customization settings for the Delegate Web App and the SelfService Web App are retained in full.

Yes No Suggest edit

Updating ScriptRunner Team Apps on clients and server

Only use the current ScriptRunner setup files to perform the installation. You can download the ZIP file with the setup files here.

This update replaces the respective ScriptRunner PowerShell ISE App and ScriptRunner Team Apps functions on the respective system.

Now execute the file SetupScriptRunnerTeamApps_new-version.EXE. It starts the setup of the installed version in uninstall mode for the program files. Follow the instructions. After the deinstallation is finished, the installation program of the new version starts automatically. When updating, only select the apps that you want to install on the respective system. Follow the installation instructions for theScriptRunner PowerShell ISE App and theScriptRunner Team Apps.

NOTE

The ScriptRunner Team Apps Update will first remove the old binaries from Drive:\Program Files(x86)\AppSphere\TeamApps\ completely. The settings are retained in full.

Yes No Suggest edit

Would you like to open a support ticket?

  • Click on the picture.
  • Describe the problem.
  • Submit your e-mail.
  • Receive Ticket-ID from us.

Alternatively, you can register in our ticket system and open a ticket.

Yes No Suggest edit
Suggest Edit