Ensure your team can leverage PowerShell scripts securely.
It won't take long, if you're active in the PowerShell community, to hear of the automation utility for teams that goes by the name ScriptRunner.
The reason for that is because they're a leading developer in the IT administration space, and they provide tools for automating, maintaining, and managing an entire information technology environment with PowerShell. Find out how to delegate PowerShell scripts with ScriptRunner to ensure your team can leverage PowerShell scripts securely.
ScriptRunner for teams
One of the major benefits of using ScriptRunner is it enhances your ability to work as a team on projects, particularly around infrastructure automation. It's been my experience that once the team finds how useful the scripts are after they've been put in ScriptRunner, they start using the scripts and the ScriptRunner service more often.
ScriptRunner is particularly useful when it comes to working with others in your organization, because you don't have to point people to a git repo or instruct them on how to use the script, they can point and click. This allows you to have junior administrators or even some privileged interns with the same administrative ability as some of your more senior folks, since everyone will be working off of the same code base. This allows your senior staff to work on more automation and improving the team's workflow while the junior admins and interns take care of the rest of the day to day.
You don't just have to take my word for it, let's dive in and I can show you how ScriptRunner script delegation works.
Delegating Powershell scripts with ScriptRunner
There are a couple of prerequisites to being able to delegate scripts with ScriptRunner. We'll first assume that you have a script that you want to delegate, and we'll assume that you have already created an action based on this script.
Although it's not strictly a prerequisite, it is a good idea to ensure that you're able to run the action you want to delegate successfully before you start delegating it to other users. Once we have those few things in place, we're ready to delegate scripts so others within our organization can take advantage of the PowerShell scripts we've written.
In order to delegate scripts with ScriptRunner, we start by logging into the administrator page of our ScriptRunner instance. Before we get too far ahead of ourselves, we'll need to create a delegation. To do this, we'll navigate to the Delegation tab in the left-hand side.
Creating a delegation
To create a delegation, click on the Create button at the bottom of the screen.
Once we've clicked on the Create button, a new popup will appear, asking us for more details about the delegation. We fill this out with a unique name and assign it either active directory or claims-based authentication. For now, I've simply named my group "Junior AD Admins" and assigned it to an active directory group within my domain.
On the next tab, it will ask you which actions you would like to delegate to the users or group you previously configured. In my case, I want to assign the Get-ADUser Properties action to my Junior AD Admins group, so I select that action from the next window.
Of course, I'm only assigning one delegated action to these users, but if you wanted to do more than one script, you can always assign this by holding the Control key while clicking on the additional actions. This is particularly useful if I have multiple scripts I wanted these users to run; I'd be able to delegate them all in one fell swoop rather than delegating them individually.
That's all there is to delegating scripts with ScriptRunner! Now, when the user logs in, they will see the delegated action under the Actions tab under their login. They'll be able to run this script just as they would if they had created the script and the action under their own account.
As you have seen, ScriptRunner has not only enhanced the ability for a team to work together with their PowerShell projects, but they've made the management and delegation of scripts easy.
It doesn't take much imagination to see how you're able to apply this in your own environment, whether you're automating the retrieval of common AD fields your team uses or even deploying new infrastructure in Azure on a whim.