The Easy and Secure Way to Pin a Script on a Device
When performing remote support for our customers and end-users, it’s often valuable to have a repository of scripts available for resolving problems that re-occur regularly. There is really no end to the number of these particular problems, ranging from something as simple as locking their account out, all the way to the more complex requirement of restarting services in a particular order.
Traditionally, this repository of scripts would reside on a shared drive, or in a worst-case scenario, on a particular Analyst’s device. Neither of these options are ideal; they aren’t conducive to collaboration and productivity gains, and they allow for a lot of security vulnerabilities due to a lack of control. This is why we created the PowerShell Script app for Cireson Remote Support.
PowerShell Script Control
With the PowerShell Sript app, as a Tier 3 Analyst or Administrator (often times we know you are both), can create pre-defined PowerShell scripts within the application. This works much the same way as if you were creating them and saving them into a shared folder (minus having to configure the shared folder). Once the script has been created, there are a lot of new security options available to you that you didn’t have when using a shared drive.
Here is what you can do with the script repository that is different from the traditional setup:
- Allow Analysts to execute the script against a target, but not view the script content
- Allow Analysts to modify the script at runtime, but not save the changes to the repository
- Utilize role-based access so only certain Analysts have access to specific scripts
- Utilize tokens that inject the selected properties from the target at runtime
- Maintain an audit history of who ran the script against what target and when they did it
- Pin a script as an action button with the Remote Actions of a device for everyday use
All of this together already makes for a much more manageable scripting solution, but the ease of access to target those scripts where you need them makes things even easier.
Pin a Script
Now that we understand that we can create scripts, secure them, and target devices, we can look at the ways we can access these scripts. Primarily, this comes down to the idea of ‘pinning’ a script to a specific location.
There are three locations currently supported where you can pin a script: 1) within the Remote Actions pane of Device Management, 2) within the Quick Actions pane access from the Device Management grid, and 3) from the One-Click Actions located in a device row in the Device Management grid.
In order to accomplish this, we only have to create the script and then we can click the ‘Pin To’ dropdown and select our target location (pictured at the top of this section). Then we configure the specifics of pinning the item as seen below.
In the example above, we are pinning a One-Click action, but currently, the behavior is identical for pinning into other areas as well. Once you pin a script, you’ll then see the item in the area you specified.
As you can see, I’ve also picked a specific icon for the action and it’s displaying as expected. From here any Analyst that has access to the underlying script will see the pinned action for use.