System Requirements

ComponentSupported Operating SystemsNotes
ScriptRunner ServerMicrosoft Windows Server 2016 Desktop Experience

Microsoft Windows Server 2016 Core
(additional: App Compatibility FOD)

Microsoft Windows Server 2019 Desktop Experience

Microsoft Windows Server 2019 Core
(additional: App Compatibility FOD)

Only listed OS are supported

Latest OS updates are required

Windows Server 2019 is recommended

.Net 4.7 or later is required

PowerShell 5.1 is required

Web BrowserGoogle Chrome

Mozilla Firefox

Microsoft Edge (Chromium)

Opera

ISE Add-OnMicrosoft Windows 10, 32 Bit or 64 Bit.Net 4.7 or later is required

Enabled PowerShell is required

 

Hardware

InstallationHardware RequirementsNotes
ScriptRunner Server

(min.)

Virtual Machine

CPU: 2 Cores

RAM: 8 GB

HDD: 64 GB

VMWare, Hyper-V, VirtualBox etc.

4 CPU Cores is recommended in production

16 GB RAM is recommended in production

Additional instructions
Script DevelopmentVisual Studio

Visual Studio Code

PowerShell ISE (conditionally)

Visual Studio Code is recommended
Versions ControlBuilt in with the PowerShell ISE (on file level only)

Git (Azure DevOps, GitHub, GitLab, Bitbucket, etc.)

Team Foundation Server

Firewall

 

ADWS: 9389

Http: 80

Https: 443

IMAP: 143 / 993

LDAP: 389 / 636

PS Remoting (WSMan): 5985 / 5986

ScriptRunner: 8091

SMTP: 25 / 465 / 587

SQL: 1433

Additional ports depending on PowerShell modules of 3rd vendors

The following ports are required depending on the scenario:

Ports used by ScriptRunner

Ports used by ScriptRunner

PowerShell Modules

ScriptRunner allows the integration of 3rd party systems. Depending on the scenario, the respective module must be installed.

More modules and information can be found in the PowerShell Gallery.

Overview PowerShell Module

ComponentModule

 

Active DirectoryActive Directory
(Remote Server Administration Tools)
Exchange ServerExchange Server

 

VMWarePowerCLI

 

Hyper-VHyper-V

 

SQL Serverdbatools
SqlServer
Cloud
O365Exchange Online v2

SharePoint Online

Skype for Business Online

Security & Compliance Center

Teams

PowerApps

 

Microsoft AzureAz

 

Amazon Web ServicesAWSPowerShell

 

Google Cloud PlattformCloud Tools for PowerShell

 

 

Role Concept

ScriptRunner separates users into different roles to restrict or prevent direct access by administrators and users to central resources. The ScriptRunner server acts as a proxy for the control and execution of the PowerShell scripts (Execution Proxy) and is based on the security-by-design concept.

Furthermore, ScriptRunner Server is subject to high security requirements. Administrators with access authorization on operating system level have full access to files and directories of ScriptRunner Server. In addition, you can use ScriptRunnerSettings PowerShell module to make settings and changes. For this reason, limit the access to only a few users.

Note: Use a separate group in AD for administrators.

Groups in Active Directory

For the scheduled operation of the different application roles in ScriptRunner, the following Active Directory security groups are recommended:

  • ScriptRunner Main-Administrators
    Create a security group in your AD.
    Include all administrator accounts in this group, that should have access to the Admin Web App and PowerShell.
    Note: Accounts in this group also have access to the Delegate App and get all items of this group.
  • ScriptRunner Administrators (Team or Client)
    Create a security group for each team or client in AD.
    Include all administrator accounts of a team or client in this group, that should have access to the Admin Web App and PowerShell.
    Note: Accounts in this group also have access to the Delegate App and get all items of this group.
  • ScriptRunner Service Desk Users
    Create one or more security groups for users in the service desk or other IT teams.
    In each group, include all user accounts that are allowed to use delegated actions in ScriptRunner with the Delegate App.
  • ScriptRunner Self Service End Users
    Create one or more security groups for Self-Service users in AD.
    Include in this group all user accounts that are allowed to use delegated actions in ScriptRunner with the Self-Service App.

Note: If a user account is assigned to more than one group, the user is shown all available actions.

Appropriate credentials are required to run PowerShell scripts on the target systems. Personal administrative accounts should never be used during operation.  Create different technical accounts for ScriptRunner in the domain of the target systems (separately for AD, Exchange, VMware, etc.) and assign the necessary permissions.

Note: ScriptRunner can run scripts in different domains independently of a trust relationship. In addition, cloud services in O365, Azure, AWS and Google Cloud can be managed with PowerShell.

Installation

Before you install ScriptRunner, you need to do some preparation:

  • Deploy a virtual machine or server with Windows Server operating system installed.
  • Optional: Set up groups and users in Active Directory.
  • Installing and setting up a web server.
  • Setting up the PowerShell on the ScriptRunner server.

ScriptRunner Server Configuration

You can use a virtual machine for ScriptRunner Server, but make sure that you meet the system requirements. Install the Windows Server operating system and include the server as a member in a domain.

Note: If possible, use the server exclusively for ScriptRunner and not for any other functions. This is the only way to avoid undesired side effects, ensure easy maintenance and guarantee the stability of the automation platform during use.

Furthermore, some roles and features must be installed on the ScriptRunner server. By default, Web Server and ScriptRunner Server run on the same machine. In this case, install the Web Server (IIS) role in the default configuration on the machine under the tab Server Roles.

Server Roles

Installation of additional Server Roles

If the VM is provided via a template, the feature static content of the Web Server Role must be activated. If possible, remove all installed features for Web development and ASP.NET applications.

Install the feature Remote Server Management Tools >Role Management Tools >AD DS and AD LDS Tools >Active Directory Module for Windows PowerShell.

Features

Installation of additional Features

Make sure that the Windows PowerShell feature is installed. Select Windows PowerShell 5.1 or later and always disable PowerShell 2.0. Use the operating system’s Server Manager or equivalent PowerShell commands for installation and configuration.

Note: For problems or troubleshooting with communication connections we recommend also to install the Feature Telnet-Client.

PowerShell Configuration

Check that the WSMan service (Web Services-Management) is running on the ScriptRunner server. If not, set the WSMan service to start automatically. Then check the PowerShell settings. On the ScriptRunner server, open the PowerShell as administrator and enter the following commands:

$PSVersionTable

Get-ExecutionPolicy -List
Get-ExecutionPolicy

Output of PowerShell Version and Execution Policy

The setting for LocalMachine should be set to RemoteSigned, this setting is the default in familiar domains. You can use the following commands to set the PowerShell and associated local firewall rules:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

Enable-PSRemoting -Force
PS-Remoting

Enable PowerShell Remoting

Note: As an alternative, you can also change the settings using the command:

winrm quickconfig

ScriptRunner Installation

Use only the latest ScriptRunner setup files to perform the installation. The following functions are provided during installation:

  • ScriptRunner Service
  • ScriptRunner Web Apps
  • ScriptRunner Team Apps
  • ScriptRunnerSettings PowerShell Module
  • ScriptRunner Process Monitor

Note: Take a snapshot of the VM before installing ScriptRunner.

Service

Copy the ZIP file to the server and unpack it. Execute the file SetupScriptRunnerService_version.exe.

  1. Start setup: Click on >Next.
  2. License Agreement: Click on >I Agree.
  3. Choose Install Location: Specify installation path.
  4. Service Configuration: Specify service port for REST Web Service Endpoint, default: Port 8091.
    Note: If you want to specify a different port, you must adjust the firewall settings in your infrastructure.
  5. Service Administrators Configuration: Set and validate the Active Directory group for key administrators.
    Note: The members of this group have the highest administrative rights. If an error occurs, either the ScriptRunner Server’s connection to Active Directory is down or the AD group is not yet known in the machine’s cache (re-login required).
  6. Remoting: Setting the local PowerShell loopback remoting for local script execution.
    Note: If an error occurs, check the PowerShell group policies for the server or domain. All systems that use PowerShell for administration require remoting settings.
  7. Finish.

Note: A re-login is required for the next step.

Open the PowerShell console as administrator and use the ScriptRunnerSettings PowerShell module. Enter the following commands:

Get-Command -Module ScriptRunnerSettings

Get-AsrService

Get-AsrSettings

Get-AsrLicense
ScriptRunnerSettings Module

Get commands for ScriptRunner

Web Apps

The Web Server is exclusively used for the central distribution of the Web Apps files. The respective Web App in the browser communicates directly with the Web Service Endpoint of the ScriptRunner Server.

Copy the ZIP file to the server and unpack it. Execute the file SetupScriptRunnerWebApps_version.exe.

  1. Start setup: Click on >Next.
  2. License Agreement: Click on >I Agree.
  3. Choose Install Location: Specify installation directory.
  4. Choose Components: Specify components to be installed.
    Note: If you are using a web server other than IIS, unpack the files with the setup into a directory structure and copy them to the web server. Set up the following virtual directories on the Web server:
    admin for the directory …/AdminApp/
    delegate for the directory …/DelegateApp/
    selfservice for the directory …/SelfServiceApp/
    Then verify the uri.js file in the respective directory and, if necessary, adapt the containing URI to the FQDN of the ScriptRunner server.
  5. Endpoint: Specify the URI for the Web Apps. Enter the FQDN of the ScriptRunner Server.
    Note: If ScriptRunner Server and Web Server are already switched to https, enable the option use SSL (https).
  6. Finish.

You can verify the installation of the Web Apps in the Internet Information Services (IIS). There should have been created:

  • the installed virtual directories
  • the ScriptRunner Application Pool

Under the main directory ScriptRunner you should have the virtual directories admin, delegate and selfservice.

IIS

Internet Information Services (IIS)

You can access the Web Apps via the following URLs in one of the recommended browsers:

  • Admin Web App: http://<fqdn-scriptrunner-server>/ScriptRunner/admin
  • Delegate Web App: http://<fqdn-scriptrunner-server>/ScriptRunner/delegate
  • SelfService Web App: http://<fqdn-scriptrunner-server>/ScriptRunner/selfservice

Team Apps

ScriptRunner Team Apps are functionally identical to the ScriptRunner Web Apps. They are not loaded from the Web Server, but rather start the JavaScript application from a local directory. The Team Apps use the IE11 kernel as runtime environment, therefore all IE11 settings affect the functionality of the Team Apps.

Note: We recommend using the ScriptRunner Web Apps and using the Team Apps only when the Web server is down. This allows you to access the ScriptRunner server functions in case of a failure.

Copy the ZIP file to the server or client and unzip it. Run the SetupScriptRunnerTeamApps_version.exe file.

  1. Start setup: Click on >Next.
  2. License Agreement: Click on >I Agree.
  3. Choose Install Location: Specify installation path.
  4. Choose Components: Specify components to be installed.
  5. Endpoint: Specify the URI for the Web Apps. Enter the FQDN of the ScriptRunner Server.
    Note: If ScriptRunner Server and Web Server are already set to https, enable the use SSL (https) option.
  6. Finish.

ISE Add-On

This installation provides the ScriptRunner PowerShell ISE Add-On and the PowerShell module ISEScriptRunner. The PowerShell ISE Add-On is only for installation on the Admin Clients. To use the PowerShell ISE Add-On, the user in the ScriptRunner role needs to be an Administrator or ScriptRunner Team Administrator.

Note: ScriptRunner PowerShell ISE Add-On is a functional extension for PowerShell ISE.

The ISE Add-On shows all scripts on the ScriptRunner repository and allows the following functions:

  • View: Load a PowerShell script. The script can not be changed.
  • CheckOut: Check out a PowerShell script. The script can be changed.
  • CheckIn: Check in a modified PowerShell script. A version history and a script file version is stored on the ScriptRunner server.
  • Revert: Undo changes to the script before check-in.

Copy the ZIP file to the server or client and unzip it. Run the SetupScriptRunnerTeamApps_version.exe file.

  1. Start setup: Click on >Next.
  2. License Agreement: Click on >I Agree.
  3. Choose Install Location: Specify installation path.
  4. Choose Components: Specify components to be installed.
    Note: Select only ScriptRunner ISE Add-on.
  5. Endpoint: Specify the URI for the Web Apps. Enter the ScriptRunner Server FQDN.
    Note: If ScriptRunner Server and Web Server are already switched to https, enable the option use SSL (https).
  6. Finish.

Note: The PowerShell ISE Add-On communicates with the ScriptRunner Server via REST Web Service.

Start the PowerShell ISE on the Admin Client as administrator. Enter the following commands:

Get-Command -module ISEScriptRunner

#start ISE
Start-ISEScriptRunner

#register ISE Add-On in the PowerShell profile -> activate auto start with ISE
Enable-ISEScriptRunner

#remove ISE Add-On from the PowerShell profile -> disable auto start with ISE Disable-ISEScriptRunner

Silent

When running the installation wizard, you can provide various command-line parameters, most of which target at automated client-application deployment. You can use the unattended installation for automated deployment; in unattended mode, all installation or uninstallation steps are performed without user interaction.

All installation wizards support the

  • -S option enabling the unattended mode.

In addition, you can run the installation wizards with the command-line options described in the next sections.

Service Installation

SetupScriptRunnerService_x.x.x.x.exe [-?]|[[-S] [-INSTDIR="<InstallPath>"][-Port <portnumber>][-Force][-EnablePS][-StartType {auto|delayed-auto|demand}]]
  • -?
    Shows the help message.
  • -S
    Runs the installation in silent mode.
  • -INSTDIR=”<InstallationDirectory>”
    Changes the default installation directory.
    Example: -INSTDIR=”C:\Program Files\sr-test”
  • -Port
    Set the IP port of the ScriptRunner Backend Web Service to the specified port number. The default port number is 8091.
  • -Force
    Do not check for running dependent processes.  Be aware that the (un)installation may fail, if there is a running process that has loaded Dlls of the ScriptRunner Service or ScriptRunnerSettings PowerShell module. Close all PowerShell hosts, where the ScriptRunnerSettings module has been imported.
  • -EnablePS
    Enables PowerShell Remoting on the ScriptRunner Service host.
  • -StartType
    Installs the ScriptRunner Service with start type auto, delayed-auto or demand. The default startup type is <delayed-auto>.

Web App Installation

SetupScriptRunnerWebApps_x.x.x.x.exe [-?]|[[-S][-INSTDIR="InstallPath"][-Admin][-Delegate][-EndUser][-IISConfig][[-Config="<configFilePath>"]|[-BackendURI="<uri>"]]]
  • -?
    Shows the help message and aborts.
  • -S
    Runs the installation in silent mode.
  • -INSTDIR=”<InstallPath>”
    Set the installation directory to the specified InstallPath.
    The default InstallationPath is: “C:\Program Files\ScriptRunner\WebApps”
  • -Admin
    Installs the Administrator Web App.
  • -Delegate
    Installs the Delegate Web App.
  • -EndUser
    Installs the Self-Service Web App.
  • -IISConfig
    Deploy the web apps in IIS.
  • -Config=”<Filepath>”
    Use the config file specified at configFilePath for configuration of the backend URI. The config file C:\Program Files\ScriptRunner\Service\ScriptRunnerService.config is written during the ScriptRunner Backend Service installation. You can alternatively use the -BackendURI parameter to specify the backend URI directly.
  • -BackendURI=”<URI>”
    Use the specified backend URI.
    The default backend URI is “http://localhost:8091/ScriptRunner/”

Desktop Apps Installation

Command-Line Parameters:

SetupScriptRunnerTeamApps_x.x.x.x.exe [-?]|[[-S][-INSTDIR="InstallPath"][-AdminUI][-DelegateUI][-ISEAddOn][[-Config="<configFilePath>"]|[-BackendURI="<uri>"]]]
  • -?
    Shows the help message and aborts.
  • -S
    Runs the installation in silent mode.
  • -INSTDIR=”<InstallPath>”
    Set the installation directory to the specified InstallPath.
    The default InstallationPath is “C:\Program Files\ScriptRunner\TeamApps”.
  • -AdminUI
    Installs the Administrator Desktop App.
  • -DelegateUI
    Installs the Delegate Desktop App.
  • -ISEAddOn
    Installs the ISE Add-On.
  • -Config=”<Filepath>”
    Use the config file specified at configFilePath for configuration of the backend URI.
    The config file C:\Program Files\ScriptRunner\Service\ScriptRunnerService.config is written during the ScriptRunner Backend Service installation. You can alternatively use the -BackendURI parameter to specify the backend URI directly.
  • -BackendURI=”<URI>”
    Use the specified backend URI.
    The default backend URI: “http://localhost:8091/ScriptRunner/”
  • -Force
    Do not prevent the installation on a  DomainController.

Updates

Our contact persons are informed about released software versions and fix releases by e-mail. The email contains the build number, notes on new features, fixes and access to download the software.

Notes:

  • Create a backup before you start the update. Make sure that all PowerShell processes are terminated.
  • With ScriptRunner 2018 or older, you need to install 2019R3 before updating to the latest version.
  • When updating to the 2020R1 version, an intermediate update is no longer necessary.


Note the order of the update:

  1. ScriptRunner Service.
  2. ScriptRunner Web Apps.
  3. ScriptRunner ISE Add-On and Team Apps.
  4. Optional: SQL Report/Audit Connector; an update of the table in the SQL Server may be required.

To update, run the respective installation of the new version. Follow the installation instructions.

During the installation, the old software is uninstalled and automatically replaced with the new version, your settings are kept.

Suggest Edit