Heimdal Assistance and Support Help Center home page

Articles in this section

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.

Scripting (Windows)

Last updated

In this article, you will learn everything about the Scripting feature found in the Client Management section of the Heimdal Dashboard.

1. Description
2. Scripting view
3. Adding/editing a new script
4. Scripting settings

DESCRIPTION

The Scripting functionality provides administrators the ability to remotely execute PowerShell and Batch scripts on managed Windows endpoints, either immediately (one-time push) or regularly via integration with the Windows Task Scheduler, under the NT Authority\System user. 

With the on-demand push option, the script is immediately pushed and executed on the target endpoint(s) immediately after the time of submission, following the process below:

  • The admin selects the target(s) and applies the script
  • The script file is securely transferred to the endpoint
  • The HEIMDAL Agent executes the script
  • The Heimdal Agent captures output and reports status back to the HEIMDAL Dashboard.

With the scheduled execution option, the script is configured to run automatically at a future date and time via the Windows Task Scheduler, following the process below:

  • The admin defines a schedule trigger in the Group Policy settings, applying to the target endpoints
  • The HEIMDAL Agent creates a new, named task in the local Task Scheduler on each target
  • The local Task Scheduler executes the script according to the schedule
  • The HEIMDAL Agent monitors the task execution results and syncs the status back to the HEIMDAL Dashboard

The automatic deployment of scripts from the HEIMDAL Dashboard can be seen locally on each computer within the Task Scheduler (under Task Scheduler Library -> Heimdal folder): 
task_scheduler.PNG

IMPORTANT
If you are trying to run a script that handles user profiles, that might not work/run correctly. Another thing to know is the fact that the tasks created from the HEIMDAL Dashboard will not be visible to standard users (on a computer) due to the differences in privilege levels between the NT Authority\System account and regular user accounts. If tasks created by SYSTEM were visible to standard users, it would expose sensitive system-level information that could potentially be exploited. For example, a task running as SYSTEM may have access to protected resources and data that a standard user is not supposed to see or modify.

Resellers can create tasks in Master GPs using scripts created at the reseller level and push them to their customers. For the reseller repository to be visible to a customer, the reseller must add the script to a Master GP and enable the Reseller Master GPs Distribution option. The customer also needs to enable the Opt-in Reseller Master GPs option. Once both are enabled, the customer will have access to the general scripts in the reseller's Personal Repository.

SCRIPTING view

The Scripting page displays all the information related to the scripts that are deployed through the HEIMDAL Agent. On the top, you see a statistic regarding the number of Available ScriptsActive Scripts, and the number of Scripts with errors.

statistics.PNG

The collected information is placed in the following views: Standard, Personal Repository, and Heimdal Repository.

  • Standard
    This view provides a centralized, real-time view of all available scripts, currently active script executions, and the historical log of all script tasks performed across managed host machines. This page is essential for monitoring automation health, troubleshooting script errors, and reviewing execution history. 
    standard.PNGIMPORTANT
    To be able to see the resolution of the Scripting product in the HEIMDAL Dashboard, you need to make sure that the Task Scheduler logging is enabled in the Event Viewer logs (Applications and Services Logs -> Microsoft -> Windows -> TaskScheduler -> Operational).
    The Download CSV functionality allows you to generate and download a CSV report that includes all the information in the grid, while the Filters functionality allows you to filter by resolution.
  • Personal Repository
    This view is dedicated to managing the collection of scripts available for execution. Users can view, search, organize, and perform administrative actions (add, edit, delete, download) on the scripts themselves. New scripts can be added by pressing the Add new script button. You can also download the scripts by using the download icon in the grid. When it comes to deleting scripts, HEIMDAL Dashboard users may delete scripts from the Personal Repository, but deletion is restricted for any script currently assigned to a Group Policy task. In such cases, the system enforces integrity by blocking the deletion and generating an error notification to the user.

    The Download CSV functionality allows you to generate and download a CSV report that includes all the information in the grid.
  • Heimdal Repository
    The Heimdal Repository serves as the central catalog for standardized, predefined, and sanitized automation scripts. The scripts are primarily available in PowerShell and BAT formats, and they are maintained to support a variety of critical operational and security use cases. All scripts in this repository have been vetted and approved for platform-wide use, and they must be imported into the Personal Repository before they can be executed. To ensure traceability and enforce naming integrity, imported scripts are automatically prefixed with Heimdal-<Your-script-name>, clearly designating their origin, and duplicate script names are not allowed. Users can view, search, and import the scripts themselves. 
    heimdal-repository.PNG

ADDING/EDITING a script

Authorized users may add or edit existing scripts after creation and even or import predefined scripts from the Heimdal Repository. Adding a new script can be done right in the Personal Repository tab by pressing the Add new script button, which initiates the process of creating and saving a script to the repository. This process is managed within a dedicated modal window designed to capture all necessary script details. The editing functionality ensures that scripts can be maintained, updated, or adapted as operational and compliance requirements evolve. 
add_script.PNG
To add a new script, you need to fill in the following fields:

  • Script Name - This is the name you give your script.

  • Script Description - This is the description of the operations the script performs.

  • Script Type - This is the type of the script: PowerShell or batch. 

  • Script Content - This is the place where your script resides. Due to stability reasons, this field has been limited to 5,000 characters. 

  • Script Variables - This section allows you to define dynamic parameters that can be reused across the script, providing flexibility and reducing the need for hard-coded values. This functionality ensures that input data is validated and aligned with the intended operational purpose of the script and that scripts remain adaptable to different operational contexts while maintaining consistency and compliance. Variables can be configured in one of four supported types: String (free text input for alphanumeric values), Boolean (logical value: TRUE or FALSE), Date (calendar-based input for selecting a specific date), and Selection (predefined list of values from which the user selects the required option).

IMPORTANT
Please note that the Script Type and existing Variable Type are not editable once the script is created/ imported.

SCRIPTING settings

Enabling Scripting will enable the functionality on the endpoints applying the Group Policy.

Scripting - turn ON/OFF the Scripting functionality.
Add Task - allows you to create a new task that will deploy one of the scripts that you select from the Personal Repository.

  • General - This section allows you to set a task name and a task description:
    general.PNG
  • Triggers - This section allows you to select how a script is being triggered and when (the trigger type can be set to: On a Schedule, At Log On, At Start Up, On Idle, On Workstation Lock, On Workstation Unlock). Once a trigger has been set, remember to turn the trigger ON.
    triggers.PNG
  • Actions - The Actions section allows you to select the script you want to deploy from the Personal Repository. To utilize a script from the Heimdal Repository, it must first be imported into the Personal Repository. Scripts not imported will not appear as selectable options. When a PowerShell (.ps1) or Batch (.bat) script containing variables is selected from the list, you can edit the value for the variables predefined in the script, as all variables associated with that script are automatically displayed in the UI:IMPORTANT
    Variable values modified within the task configuration will not retroactively affect the script’s source file; changes are localized and do not persist in the Personal Repository script.
  • Conditions - This section allows you to trigger an action on idle conditions (start the task if the endpoint is idle for a specific time, stop it if the endpoint ceases to be idle, or restart if the idle state resumes) or Power conditions (start the task only if the endpoint is on AC power, stop if the endpoint switches to battery power or wake the endpoint to run the task):
    conditions.PNG
  • Settings - This section allows you to configure multiple settings: bypass execution protection (for PowerShell scripts), run the task as soon as possible after a scheduled start is missed, if the task fails, restart every time specified in the dropdown, or if the task is running, then apply one of the selected rules.

Once a task is created and saved, don't forget to turn it ON from the grid.

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.