ScriptRunnerSettings PowerShell Module

CmdletRequired Parameter

Description

Add-AsrCorsOriginOriginScriptRunner will by default accept Web App requests from any origin.

To restrict the accepted origins, add the allowed origins here, i.e. the URI of your web server hosting the Delegate / Admin Web App.

Check the Windows Application Eventlog for ScriptRunner CORS warnings, which list a rejected origin.

Restart of ScriptRuner Service is required.

Add-AsrPsModuleModulesThe ScriptRunner Service can provide module functions to directly create Actions, without requiring a script.

Changes applied here will affect all ScriptRunner users working with this ScriptRunner installtion.

Restart of ScriptRuner Service is required.

Disable-AsrLicensedUserExactLicensedUserStringDisable a licensed user, freeing the user license for someone else. Caution: There is no way to re-enable a disabled licensed user!
Enable-AsrLicensedUserActivationKey

ExactLicensedUserString

Reactivate a previously disabled user for ScriptRunner; this reserves a user license for this exact name!
Get-AsrCorsOriginScriptRunner will by default accept Web App requests from any origin.

To restrict the accepted origins, add the allowed origins here, i.e. the URI of your web server hosting the Delegate / Admin Web App.

Check the Windows Application Eventlog for ScriptRunner CORS warnings, which list a rejected origin.

Changes of the origins require a restart of the ScriptRunner Service to take effect

Get-AsrEmailInboundConnectorGet the current settings of the ScriptRunner Email Inbound Connector.
Get-AsrEMailNotificationConnectorGet the current settings of the ScriptRunner Email Notification Connector.
Get-AsrLicenseGet the current license status of ScriptRunner.
Get-AsrLicensedUserLists all users who are a registered user of the ScriptRunner Service.
Get-AsrLicensedUserExNot supported!
Get-AsrPasswordServerConnectorGet the current settings of the ScriptRunner Password Server Connector.
Get-AsrPsModuleThe ScriptRunner Service can provide module functions to directly create Actions, without requiring a script.

Settings applied here will affect all ScriptRunner users working with this ScriptRunner installtion.

Restart of ScriptRuner Service is required.

Get-AsrServiceGet the ScriptRunner service.
Get-AsrSettingsWrites the current global ScriptRunner settings to the console.
Get-AsrSqlConnectorIf ScriptRunner SQL-DB Connector is licensed and configured, returns the configured connection string.

Specify the database credentials in the ScriptRunner Admin App on the Global Settings window to avoid cleartext passwords in the connection string.

Restart of ScriptRuner Service is required.

Get-AsrSTSOptionsGet the current STS pipeline configuration options for the ScriptRunner Service.

If enabled, ScriptRunner will open a second REST pipeline, on a second IP port, intended for token based authentication (Windows Integrated or AD FS authentication).

Note that this pipeline will use HTTPS and therefore requires an SSL certificate!

Get-AsrUriGet the URI of the ScriptRunner OData Service that is used by the ScriptRunner Apps.
Get-AsrVersionGet the version number of the installed ScriptRunner Service.
Get-AsrWinEventGet the ScriptRunner events from the Windows Event Log.
Initialize-AsrLicenseActivationKey

Company

Email

Online Activation: Register your ScriptRunner license online with a License Server in the Internet.

The user performing this should have Internet access with a browser window.

Offline Activation: If your infrastructure is completely offline, use the UnlockKey parameter to enter the Unlock Key you received with your activation key.

Register-AsrLicensedUserExactLicensedUserStringManually register a user for ScriptRunner; this reserves a user license for this exact string!
Remove-AsrCorsOriginScriptRunner will by default accept Web App requests from any origin.

To restrict the accepted origins, add the allowed origins here, i.e., the URI of your web server hosting the Delegate / Admin Web App.

Check the Windows Application Eventlog for ScriptRunner CORS warnings, which list a rejected origin.

Restart of ScriptRuner Service is required.

Remove-AsrPsModuleThe ScriptRunner Service can provide module functions to directly create Actions, without requiring a script.

Changes applied here will affect all ScriptRunner users working with this ScriptRunner installtion.

Restart of ScriptRuner Service is required.

Restart-AsrServiceRestarts the ScriptRunner service.
Set-AsrCorsOriginOriginsScriptRunner will by default accept Web App requests from any origin.

To restrict the accepted origins, add the allowed origins here, i.e., the URI of your web server hosting the Delegate / Admin Web App.

Check the Windows Application Eventlog for ScriptRunner CORS warnings, which list a rejected origin.

Restart of ScriptRuner Service is required.

Set-AsrCyberArkConnectorSet additional ScriptRunner Password Server Connector settings specific to the CyberArk Password Server.
Set-AsrEMailInboundConnectorChange your ScriptRunner Email Inbound Connector settings.
Set-AsrEMailNotificationConnectorChange your ScriptRunner Email Notification Connector settings used for sending email notifications.
Set-AsrPasswordServerConnectorChange your ScriptRunner Password Server Connector settings used for password retrieval.
Set-AsrPsModuleModulesThe ScriptRunner Service can provide module functions to directly create Actions, without requiring a script.

Settings applied here will affect all ScriptRunner users working with this ScriptRunner installtion.

Restart of ScriptRuner Service is required.

Set-AsrSettingsConfigure global settings for the ScriptRunner Service backend.

Settings applied here will affect all ScriptRunner users working with this ScriptRunner installation.

Restart of ScriptRuner Service is required.

Set-AsrSqlConnectorScriptRunner can optionally log all script execution reports, in detail, into your audit database.

This requires an SQL Server database, with the correct table layout.

You specify here the respective connection string and the user credentials.

Restart of ScriptRuner Service is required.

Set-AsrSTSOptionsSet STS pipeline configuration options for the ScriptRunner Service.

If enabled, ScriptRunner will open a second REST pipeline, on a second IP port, intended for token based authentication (Windows Integrated or AD FS / AAD authentication).

Note that this pipeline will use HTTPS and therefore requires an SSL certificate!

Set-AsrURISet the URI of the ScriptRunner OData Service that is used by the ScriptRunner Apps.
Start-AsrServiceStarts the ScriptRunner service.
Stop-AsrServiceStops the ScriptRunner Service
Test-AsrEMailInboundConnectorClearPasswordTest the current settings of the ScriptRunner Email Inbound Connector, by connecting to the IMAP host and opening the folder to check.

Note that the mailbox password is required to run this test.

Test-AsrEMailNotificatonConnectorRecipientTest the current settings of the ScriptRunner Email Notification Connector, by connecting to the SMTP host using these settings.

Note that the mailbox password is required to run this test.

Test-AsrUriTests the URI of the ScriptRunner OData Service that is used by the ScriptRunner Apps.
Update-AsrLicenseKeyUpdate your license of ScriptRunner with a license key, to change certain license features.

The license must have been initialized using Initialize-AsrLicense to allow update license keys.

Https Configuration

To switch ScriptRunner to https, you have to configure the following settings:

  • Provide certificates
  • Changeover Web Server
  • Changeover ScriptRunner Server
  • Adjust the ScriptRunner Web Apps configuration
  • Optional: Customize the ScriptRunner ISE Add-On and Team Apps configuration
  • Optional: Adjust browser settings

Note: The conversion to https must be done on the ScriptRunner Server, the Web Server and the Team Apps, mixed operation of http and https is not permitted. Parallel operation of http and https can be set with specific settings only for special cases.

You need a valid certificate to set up https on ScriptRunner Server and Web Server. You’ll need to create this in the certificate infrastructure.

Web Server

Open the Microsoft Management Console (MMC) and load the certificate management module. Import the certificate or chain of certificates into the Personal Store on the local computer.

Certificates

Presonal store of the local computer

After you have successfully imported the certificate, you can configure the bindings in the Web Server. To do this, open the IIS Manager and select the website where the ScriptRunner Web Apps have been installed. Open the Bindings configuration and create an https binding with the assignment of the imported certificate.

Https certificate

Configuration of the https certificate

Note: Authentication is not required to load the ScriptRunner Web Apps. Therefore the authentication setting should allow anonymous access to the web page. User authentication and role assignment is done on the ScriptRunner Server.

Web Apps

To switch ScriptRunner to https, the uri.js has to be adjusted in several directories. To do so, go to $env:ProgramFiles\ScriptRunner\WebApps and edit the uri.js in the subdirectories:

  • \AdminApp\
  • \DelegateApp\
  • \SelfServiceApp\

Edit the uri.js and adjust the last line as follows:

ScriptRunner.baseuri = 'https:// <fqdn-scriptrunner-server>:8091/ScriptRunner/';

Note: Port 8091 is determined by the settings you made during installation of the ScriptRunner Server.

After editing the uri.js, the Web Server must be restarted. Do this by executing the command iisreset.exe in PowerShell.

Afterwards the ScriptRunner Service Endpoint must also be switched to https. Open the PowerShell as administrator and enter the following commands:

Get-ChildItem Cert:\LocalMachine\My

Set-AsrUri -SSLCertThumbprint <Thumbprint> -SSLEnable -Restart

To verify the change, type and run the Get-AsrUri command in PowerShell.

Note: Do not forget to specify https in the browser address bar as well.

Teams Apps and ISE Add-On

To change the Team Apps or the PowerShell ISE Add-On, run the Team Apps Setup again and follow the instructions. To switch the Team Apps to https, enable the use SSL (https) option on the ScriptRunner Service Endpoint page.

Team Apps configuration

Https configuration of the Team Apps

After the installation is completed, you can start the respective Team App. The ScriptRunner ISE Add-On or the corresponding Team App connects automatically to the ScriptRunner Service Endpoint.

Theming

With the ScriptRunner Theming Feature you are able to customize the appearance of the Web Apps Admin, Delegate and SelfService to the corporate design of your organization.

This affects the following components:

  • Start screen
  • Logo in the top bar
  • Color of the top bar

Note: It is not possible to customize the Team Apps.

Theming

Modified design in the Admin Web App

Follow these steps to customize the Web Apps:

  1. Open the respective directory of the Web App. If the IIS is used with the default installation, they are located in :
    – $env:ProgramFiles\ScriptRunner\WebApps\AdminApp\custom
    – $env:ProgramFiles\ScriptRunner\WebApps\DelegateApp\custom
    – $env:ProgramFiles\ScriptRunner\WebApps\SelfServiceApp\custom
    Note: Settings in these directories will be saved for future updates.
  2. Save two image files in PNG format in the respective directory:
    – Logo: as “custom_headerlogo.png” with max. 30px height
    – Start screen: as “custom_splashscreen.png” with max. 530px width

    Path

    Directory of the images

  3. Edit the file customstyle.css as shown in the following picture. Pay particular attention to all comment characters (/* , */). Enter the color value for the background as name, e.g. green or as hex value e.g. #a1cc1f.

    customstyle.css

    Modified customstyle.css

  4. Start the web server by executing the iisreset.exe command in the PowerShell.

The Web Apps are now available in the Corporate Design of your company.

Änderung vorschlagen