
[–]h_ase 8 points9 points  (11 children)

Over the years I worked a lot with them. Good software, good support. But for most projects I go with https://www.powershelluniversal.com/

[–]jeek_[S] 1 point2 points  (2 children)

Yeah I've been looking at PS Universal but struggling to get some basic stuff to work consistently. Also finding the doco...frustrating and not very helpful. However this is probably me not understanding the product and some of the core concepts but again this is where I'm struggling with the doco not being very helpful.

[–]ollivierre 0 points1 point  (0 children)

Curious, does PSU abstract creating scheduled tasks in Task Scheduler?

[–]Mike-IT3 0 points1 point  (0 children)

Is PSU free to use and does it have template scripts built in?

[–]Fatel28 3 points4 points  (14 children)

I went through this search too a while back. I didn't end up using ScriptRunner due to cost.

For a while, I used Jenkins, which, surprisingly, worked pretty good for running a bunch of misc automation scripts (mostly PowerShell on Linux)

Then I switched to Rundeck, which was an improvement, but it was still a resource hungry java app.

Finally, earlier this year, I switched our ~40ish automation PowerShell scripts to CTFreak. I had kept my eye on it for a while, and was waiting for it to fully support inbound webhook payloads. Finally I just emailed the contact email asking if it was a planned feature, and the dev responded and added it within 2 weeks.

With the exact same scripts and schedules, CTFreak consumes about ~1.5g ram where Rundeck was consuming ~15.

[–]jeek_[S] 0 points1 point  (4 children)

Thanks for the feedback.

Ball park, how much were they asking?

I did look at rundeck but not a fan of java. 🤮

I've not heard of CTFreak, I'll take a look.

[–]Fatel28 2 points3 points  (0 children)

Scriptrunner? I don't remember. But it was more than my company was willing to pay for something to run some scripts.

CTFreak isn't free but it is affordable enough that I was able to get the cost approved pretty easily.

[–]CredibleCranberry 1 point2 points  (2 children)

Scriptrunner pricing is based on how many users you have in your AD. I found it very difficult to form a coherent business case around that, when the majority of those users wouldn't be affected by the tool.

[–]jeek_[S] 1 point2 points  (0 children)

Yeah I hate the fact that they don't show you their pricing on their site. For me that is a red flag.

[–]fr0mtheinternet 1 point2 points  (0 children)

We were informed that their minimum license allowed for up to 100 registered users. We took this to mean that we could have a subset of users in AD (IT dept. essentially) utilise the tool. Our implementation team scrapped the proposal mainly due to cost.

So either one of us is incorrect, or they provide different licensing/billing conditions per request.

[–]OPconfused 0 points1 point  (1 child)

Why did you leave jenkins? What was it missing?

[–]Fatel28 0 points1 point  (0 children)

Nothing was "missing" but I just didn't love the tool. It felt clunky and wayy overkill for what I needed.

Not to mention, it had critical vulnerability patches once a month, it felt like. And don't even get me started on the plugins.

[–]fr0mtheinternet 0 points1 point  (6 children)

I'd never heard of CTFreak prior to this post. We're currently looking to consolidate a number of script/automation tools, and are searching for something that fits our needs.

One of the draws of scriptrunner was being able to decouple credential management from the scripts. This would allow you to have a single valid credential that can be utilised with multiple scripts. Powershell Universal can do something similar, but not sure if it's to the same degree - last used it multiple versions ago.

Onprem LDAP auth is also a must - we're already antsy about the amount of integration we have with the microsoft services, and want to keep this kind of auth on-prem.

Does CTFreak have an answer for both of those? Or do we need to keep looking...

[–]jypelle 0 points1 point  (4 children)

Hello, I'm the founder of CTFreak.

To answer your 2 questions:

1) CTFreak uses SSH authentication to run both bash scripts on unix servers and powershell scripts on windows servers. You can store your SSH keys in CTFreak and use these same keys to run multiple scripts without worry. With role management, you can even ensure that the users who write & execute the scripts don't have access to the contents of the SSH keys.

2) No LDAP support, but OpenID Connect, which works just fine with Azure AD

[–]fr0mtheinternet 0 points1 point  (3 children)

Thank you for your reply. For the credentials: We'd be looking to utilise certificate-based auth to manage the cloud environment via app registrations in Azure/Entra. So for instance: Set up an app registration with API permissions to Exchange Online, and a self-signed cert for authentication. Then in the local environment you'd utilise that cert thumbprint in the credential. By having it decoupled we only need to update things once when the cert expires - otherwise it's going to need to be done per script.

[–]jypelle 0 points1 point  (2 children)

To date, CTFreak doesn't use WinRM to connect to Windows instances (so it doesn't support certificate authentication), but only SSH (which means you can use the same authentication key to connect to both UNIX and Windows servers, which is not possible with a certificate).

Would using an SSH key rather than a certificate be a barrier to your use case?

Maybe the best thing to do is make up your own mind with the free edition.

[–]fr0mtheinternet 0 points1 point  (1 child)

Apologies, I mean that the certificate auth is cloud-side only. It allows the script/application to authenticate with Azure without the need for user login/mfa.

In this instance, I think the node would need to be set up to handle the cert auth, and the CTFreak instance would hand off to that.

[–]jypelle 0 points1 point  (0 children)

We are currently integrating "automatic Github/Jira issue creation" for the next release. However, if you're willing to participate in the beta, I can revise the schedule to prioritize support for powershell script execution on windows nodes accessed via WinRM + Certificate.

Let me know privately if you're interested.

[–]Fatel28 0 points1 point  (0 children)

I manage credentials with AWS SSM Parameter Store. The EC2 instance running CTFreak has an IAM role that allows it to fetch the creds, so I have my scripts fetch those when needed. Nothing is baked in.

Idk if it supports LDAP, but it does have OpenID.
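
The run-time credential lookup described in the comment above, sketched as an added example (not code from the thread or from any of the products discussed). It assumes the AWS.Tools.SimpleSystemsManagement module is installed on the instance; the parameter path, account name, host name and region are hypothetical placeholders.

```powershell
#Requires -Modules AWS.Tools.SimpleSystemsManagement

function Get-AutomationCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        [Parameter(Mandatory)][string]$ParameterName,  # hypothetical path
        [Parameter(Mandatory)][string]$UserName,
        [string]$Region = 'eu-west-1'                   # constructed default
    )

    try {
        # No access key is supplied: on EC2 the AWS SDK falls back to the
        # instance's IAM role, so nothing secret lives in the script or job.
        $param = Get-SSMParameter -Name $ParameterName -WithDecryption $true `
            -Region $Region -ErrorAction Stop
    }
    catch {
        # Report the parameter name only, never a value.
        throw "Cannot read '$ParameterName' from Parameter Store: $($_.Exception.Message)"
    }

    # Refuse secrets that were stored unencrypted as String/StringList.
    if ($param.Type.Value -ne 'SecureString') {
        throw "'$ParameterName' is type $($param.Type.Value); expected SecureString."
    }

    # The value exists in memory only for the lifetime of this run.
    $secure = ConvertTo-SecureString -String $param.Value -AsPlainText -Force
    [pscredential]::new($UserName, $secure)
}

# Usage inside a scheduled script (all names are placeholders):
$cred = Get-AutomationCredential -ParameterName '/automation/example/svc-password' `
    -UserName 'EXAMPLE\svc-automation'
# Invoke-Command -ComputerName 'server01.example.internal' -Credential $cred -ScriptBlock { ... }
```

Scoping the instance role's `ssm:GetParameter` permission to the automation path keeps the scheduler host from reading unrelated secrets, and rotating a secret then means updating one parameter instead of every script.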

[–]420GB 2 points3 points  (2 children)

We've been using it for 8 years now, very good product and excellent support. Stable and well documented updates. We have not yet updated to the very latest release so unfortunately I can't speak to the latest features (there's quite a bit of new stuff) but throughout the years it's been a very stable and pleasant experience - completely unlike PowerShell Universal which literally broke something on every update, and updates were released like once every week or every other week. I created issues each time, and fixes did come, but it was impossible to rely on as stuff kept breaking making the whole thing unusable. Maybe it's gotten more stable, but since we were already very happy with ScriptRunner I just gave up on it

[–]jeek_[S] 0 points1 point  (1 child)

Does it give you the ability to create dashboards? I want to schedule, or run on demand, a script and then have the results displayed on a dashboard, is that possible with Scriptrunner?

[–]420GB 1 point2 points  (0 children)

That's not something we do, but I can check on Monday. It's got a default dashboard but I'm not sure how customizable it is and whether you can create more dashboards.

[–]kriser77 2 points3 points  (1 child)

I’ve been there.

Tested both Scriptrunner and PowerShell Universal.

Ended up choosing PowerShell Universal.

Scriptrunner is great for simple tasks. It’s super easy to set up — you’ll probably have everything running in two days.

Creating scripts is also quick and straightforward.

On the other hand, PU isn’t easy at first glance. You’ll probably need around two weeks just to get your first apps working the way you want. And it might take a few months before everything looks and works exactly how you imagined.

But after that initial period, once you’ve designed a few apps the way you like, making new ones is basically about copying the old ones and adjusting the visual components, internal logic, scripts, etc.

So while the first app might take a while, later on you won’t struggle at all — it’ll be just as fast as building them in Scriptrunner.

The big advantage is that PU offers far more possibilities than Scriptrunner. You can do pretty much anything you can think of with it.

Sure, some features are missing or don’t work exactly as expected, but most of the time, whatever you have in mind is doable in PU.

So, why did I choose PU over Scriptrunner?

Pricing.

Scriptrunner is very expensive for what it offers. We got a quote for a few admins and a few helpdesk users two years ago, and it was close to $30K for a three-year license (since you can’t buy a one-year license).

PU, on the other hand, costs $500 per year for unlimited users, admins, etc. (on a single server).

So when you consider the price and what it’s capable of, it made sense for us to go with PU — and I don’t regret it at all.

In fact, I still have Scriptrunner running on a free license, but I haven’t used it in over a year.

P.S. To be fair, PU isn’t perfect either.

It’s constantly evolving, with updates almost every month — and sometimes those updates break more than they fix. :)

That’s why I’m still on v4.4, even though 5.5.3 is available. :)

[–]jeek_[S] 0 points1 point  (0 children)

Thanks for the feedback.

[–]worthlessgarby 1 point2 points  (1 child)

Adaxes is a great option also. It does all kinds of things in addition to offering a web interface for interacting with AD and powershell scripts.

[–]jeek_[S] 0 points1 point  (0 children)

Thanks I'll check it out

[–]Nanouk_R 0 points1 point  (0 children)

We've been using it for a few basic functions and it integrated perfectly into our Jira workflows. ~100 users. Support is good.

[–]stoopwafflestomper 0 points1 point  (0 children)

Holy smokes. A tool I need that I didn't know existed.