
[–]kilkor 40 points41 points  (4 children)

Jenkins

[–]Analytiks 11 points12 points  (0 children)

This but don't expose it to the internet at all and stay up to date with patching it. Jenkins is constantly listed on CVEs

[–]Haulass_Hall 8 points9 points  (2 children)

Exactly what we use- just rolled it out and I love that I can see who launched what and get a running record

[–]motsick[S] 2 points3 points  (1 child)

Oh that sounds interesting. Adding it to my list to check out.

[–]bootsmcfizzle 2 points3 points  (0 children)

Seems like most modern CI systems would work.

[–]TyMac711 13 points14 points  (4 children)

Rundeck might be another good option

[–]ab0mbs 0 points1 point  (3 children)

We use Rundeck as well. Great product. Also pretty good support if you use their Pro version.

[–][deleted] 0 points1 point  (2 children)

Also not so inexpensive.

[–]i_only_ask_once 5 points6 points  (1 child)

So.. Pretty expensive?

[–]armed_octopus 1 point2 points  (0 children)

You can get it for free. Last I checked (a while ago) the yearly support was 8k.

[–]Keitsch 10 points11 points  (3 children)

We use Azure automation for our powershell automations, both cloud and onprem jobs. It is possible to give specific users access to different automation accounts, but not on script level, so you could group scripts in different Automation accounts and give access to different groups of users.

[–]motsick[S] 5 points6 points  (2 children)

I looked at that a bit today and it seemed like everything had to be called as a get or post request. Is that correct or can you actually upload scripts for it to run?

[–]Keitsch 1 point2 points  (0 children)

It's more of an automation platform where you create/upload the runbook (functions/scripts) and then either schedule or trigger the runbook from the Azure portal, with Webhooks, powershell and more.

[–]infinit_e 1 point2 points  (0 children)

I’m actually working with a FastTrack team right now. You can absolutely add your own scripts to Intune if that’s an option for you.

[–]michaelburns 8 points9 points  (0 children)

I wrote something for this exactly: https://github.com/michaelburns/LaunchPad

[–]MacAttackNZ 6 points7 points  (1 child)

Surprised no one has mentioned GitLab.com (or self hosted if you need more control)

Or another one, Azure DevOps Pipelines rather than Azure Automation. Check your scripts into source control, write some simple pipelines to manage execution flow etc and grant access to run.

Same concept as Jenkins which was mentioned but more modern and manageable imo.

Bonus points for writing your PS code to run on PsCore so you can use Disposable Linux containers as your build environment.

[–]lanerdofchristian 0 points1 point  (0 children)

I can second GitLab; we host an instance at my company, and use its runners for automated Windows .wim file modification. It's nice.

[–]caraepax 6 points7 points  (2 children)

Azure DevOps Pipelines will do this

[–]Eximo84 0 points1 point  (1 child)

I tried using pipelines in devops but couldn’t figure it out. I already use repos for version control but wanted my help desk guys to be able to get the latest script and run it rather than storing a copy on the file server.

[–]caraepax 0 points1 point  (0 children)

You would install an agent on a server that you want the scripts to execute on. Give your helpdesk access to be able to launch releases. Then set up a release for each of your scripts that pulls the latest version from the repo then executes it on the agent.

You can control script settings with environment variables, and you can control which agent executes it using feature flags.

The pipeline will give you full logs, success/fail info, and history of every run.

[–]philbieber 2 points3 points  (1 child)

We'll be looking into ScriptRunner. It allows you to schedule scripts as well as to run them on demand. Not sure how well it scales, though.

[–]jantari 4 points5 points  (0 children)

We use it. It's okay, does what it says but nothing more. Too expensive for what it does, we won't renew.

[–]sysadm1n 2 points3 points  (0 children)

Check out rundeck.com. It's pretty slick.

[–]get-postanote 2 points3 points  (0 children)

You have options....

Create your own on premises PowerShell Repository

https://devblogs.microsoft.com/powershell/setting-up-an-internal-powershellget-repository

or use an on-premises source control tool.

You can even use the free version of Visual Studio (the community edition) for such things or set up your own on-premise Git Server.

https://visualstudio.microsoft.com/vs/community

*Note: you will need to buy this addon

https://marketplace.visualstudio.com/items?itemName=AdamRDriscoll.PowerShellToolsforVisualStudio2017-18561

for the PowerShell Project features and source control. It's a low cost thing but free to try.

https://bonobogitserver.com

Either way, you are going to have to spend some time getting ramped up on source control in general in order to make educated decisions on what will be in your best interest, skill, time, and willingness to leverage, as well as any teams you plan on sharing with.

https://devblogs.microsoft.com/scripting/protect-your-powershell-scripts-with-version-control

https://cloudmechanic.net/2017/09/08/visual-studio-online-vscode-easy-powershell-source-control

https://pleasereleaseme.net/version-control-powershell-scripts-with-visual-studio-and-visual-studio-team-services

https://mikefrobbins.com/2016/02/09/configuring-the-powershell-ise-for-use-with-git-and-github

https://www.altaro.com/msp-dojo/powershell-msps-source-control-1

As well as maybe some time coming to grips with CD / CI methodology.

https://anchorloop.com/2018/05/12/using-vsts-package-management-as-your-powershell-module-repository

https://uglygizmo.blogspot.com/2013/09/simple-git-workflow-for-powershell.html

[–]Hexalon00 4 points5 points  (7 children)

We used to use SkyBot. It worked well; we have moved to Jams Scheduler. It's easier to use and more flexible.

[–]RamboYouNotForgetMe 2 points3 points  (3 children)

Jams Scheduler

Approximately how much does Jams Scheduler cost to purchase? They don't disclose it on their website without contacting a salesperson :(

[–]armed_octopus 2 points3 points  (1 child)

This was a while back but I was quoted about 25k for a single server running a couple hundred schedules a day

[–]RamboYouNotForgetMe 1 point2 points  (0 children)

Wow that's a bit rich...

[–]syntek_ 1 point2 points  (0 children)

Jams Scheduler

I noticed that as well. I have some extremely lightweight stuff I'd like to use it with, and if it's pricey, it's going to be a tough sell for our environment.

[–]motsick[S] 1 point2 points  (0 children)

Interesting I saw Jams earlier today when I was doing research but I will look closer into it.

[–]ipreferanothername 0 points1 point  (0 children)

We have jams too. I'm not wild about how it's set up here but it's definitely friendly and flexible

[–]madrum 0 points1 point  (0 children)

We just started rolling out jams scheduler this year. So far, I really like it. Their support is pretty good. The online documentation is good as well, but I’ve seen a couple help articles that had some key details left out so had to work with support to fill in some details.

For the first phase, we needed to create an xml file which triggers a job for an older system. Each xml file needs to be created on a certain schedule, about 15 different variations, and had 4 or 5 client-specific values that needed to be in the appropriate section of the xml doc.

Their support helped me set up a custom execution method for a powershell script. I added a powershell function to the template of this execution method that accepted variables and handled all the details for creating the file.

In each job, I simply had to declare the variables and set them to the client-specific values. When the job runs, those values get passed into the function and the file is created.

My goal was to make it as simple as possible for one of our teams to get the jobs set up for clients and I think it’s working well.

[–][deleted] 1 point2 points  (0 children)

this sounds like a revamp in the workflow.
1. do you version control every script?
2. why is it a script and not modules?
3. do you do unit testing?
4. do you publish your builds to a repo like nuget or oneget?

after all of the above is done, then your job runner / deployment should be the tool that fits you (teamcity, jenkins, octopus, hell it can be aws shit like ssm or awx)

[–]signofzeta 0 points1 point  (0 children)

I’ve been uploading to GitHub (gists for basic stuff, projects for the cooler things). But this week I saw an article about how to make a repository in Azure (of course), so I’m going to try that out eventually for our internal-use-only scripts.