ITScripts and Windows PowerShell™ Overview

Windows PowerShell™ is a task automation framework. It is built on Microsoft .NET Framework and provides administrators the ability to quickly and easily perform management tasks on Windows machines and applications. The ITScripts function of Security Controls supports the use of PowerShell 4.0, enabling you to execute a variety of scripts on the console and on remote target machines. It also enables you to start a Windows PowerShell session between the console and a selected machine.

You may also be interested in learning about the PowerShell API and REST API functionality available in Security Controls.

For setup and system requirements information, see:

For information on how to perform ITScripts tasks, see:

PowerShell scripts enable you to perform a wide variety of administrative tasks on the machines in your organization -- from the most rudimentary task to highly advanced and complex operations. You might want to search your target machines for a particular type of data, gather and read log files, install software, create a report, determine the status of a service, read the registry, etc. PowerShell scripts are a great way to automate repetitive tasks across a large number of machines.

The advantages to running scripts in Security Controls include:

  • Scripts execute against the machines and machine groups you have already defined in Security Controls
  • Use the machine and machine group credentials you have already entered in Security Controls
  • Scripts execute in the background
  • Script execution can be run immediately or scheduled to run in the future
  • Scripts are executed in parallel against the target machines and usually complete in a fraction of the time that it would take to run them serially (and you can control the level of parallelism)
  • Script output is captured to files that you can review at your convenience
  • Status of script execution is displayed within Security Controls
  • You can open the result files directly from Security Controls
  • Your scripts can be parameterized, and different sets of parameters can be saved in a template or provided when you start the script or schedule it for execution
  • Scripts can use the PowerShell remoting features, allowing the broadest set of capabilities provided by Windows PowerShell

The ITScripts function comes with a number of predefined scripts. This includes basic scripts that are used to perform various utility tasks and advanced scripts that are used to perform more complicated tasks.

You can use the Script Catalog Manager to view the predefined scripts that are available to you.

You can import custom scripts that you created or that were created by someone you trust. Any custom scripts you import will appear in the Script Catalog Manager along with the predefined scripts. Custom PowerShell modules are also supported. You can create and import modules containing cmdlets, providers, functions, variables, and aliases that you can use in your other custom scripts. For more information, see Creating a Custom Script.

Security Controls provides several target types for executing scripts. The target type indicates what the target machine requires when executing a script. The target type is set by the script author using the scriptType element and cannot be altered by Security Controls. A script can only be run in one mode. In all cases the script engine runs on the Security Controls console.

  • Console: The script runs only against the console and not against a set of target machines. For example, you might use a Console script to query or modify Active Directory.
  • Any: The script is run against selected target machines or machine groups without the services of WinRM (PowerShell remoting). The PowerShell client on the console will communicate with the target machines by using other Windows remoting services such as remote registry service, remote Windows file sharing, WMI services, etc. The actual service used will depend on the script. The scripts will be run in parallel, not one machine at a time.
  • You do not need to install any additional software on the target machines when executing scripts of this type. The only ports required are the ports required by the Windows services being used.
  • ESXi Hypervisor: The script runs against an ESXi Server or a vCenter Server. This type of script may use VMware vSphere PowerCLI. VMware vSphere PowerCLI lets you automate all aspects of vSphere management, including network, storage, VM, guest OS and more. Scripts of this type only run against machine groups that contain ESXi servers. If the machine group contains any other machines, they will be ignored when this script executes. For information on creating a machine group that contains ESXi servers, see Adding Virtual Machines Hosted by a Server.

You can use the Script Catalog Manager to identify the target type that will be used by a script.

Security Controls provides a number of security features when using the ITScripts function.

  • Only scripts that are signed by authorities that you trust can be imported to the Script Catalog Manager and made available for use.

    • Scripts created by Ivanti will be signed by Ivanti. If you create a custom script you must sign it using your own certificate and you will accept all liability for use of that script.

  • Security Controls will use the credentials that are already associated with your machine groups to run the scripts.
  • Only those scripts that you approve will be available within the Security Controls interface.
  • Scripts are not encrypted. This enables you to inspect and review the scripts before they are run.

Scripts can be executed on online virtual machines but not on offline virtual machines.