PowerShell Orchestrator is a centralized job scheduling and execution platform for PowerShell scripts across distributed Windows environments. It consists of a web-based server for managing scripts, jobs, and schedules, and lightweight agents deployed on target machines that execute scripts remotely.
How PowerShell Orchestrator works:
The server manages all aspects of the platform: scripts, jobs, schedules, syslog targets, and connected agents. Agents are deployed on the Windows machines where scripts need to run. Each agent polls the server for queued jobs, executes the assigned PowerShell script locally, and forwards script output to the configured syslog destination.
Data flow:
- Administrator uploads PowerShell scripts to the server and configures syslog targets
- Administrator creates a job or schedule, selecting a script, agent, and target
- The agent polls the server and claims the queued job
- The agent downloads and executes the PowerShell script locally
- Script output is forwarded to the configured syslog target in real time
- The agent reports job completion, exit code, and execution logs back to the server
- Results are available for review in the Jobs page and in LT Auditor-MP
Core components:
PowerShell Orchestrator Server: An ASP.NET Core web application that hosts the administrative interface and REST API. It manages script storage, job queuing, schedules, syslog targets, and agent registrations. The server runs as a Windows service named PowerShellOrchestrator and uses a SQLite database for persistence. The web interface is accessible via browser on port 52866 (HTTPS) or 52865 (HTTP).
PowerShell Orchestrator Agent: A .NET background service deployed on each Windows machine where scripts need to run. The agent polls the server for available jobs at a configurable interval (default: every 20 seconds), downloads and executes assigned PowerShell scripts, forwards output to the configured syslog target, and sends regular heartbeats to the server (default: every 60 seconds). The agent runs as a Windows service named PowerShellOrchestrator.Agent.
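Because the agent executes scripts it downloads from the server, the account its service runs under determines what those scripts can do on the machine. The following is an added example, not part of the product or its documentation, that inventories the two services named above and tests the documented server ports from the local machine. The server hostname is a placeholder assumption; the service names and port numbers are the ones given on this page.

```powershell
# Added example: inventory PowerShell Orchestrator services and server ports.
# $ServerHost is a hypothetical placeholder; replace it with your server's name.
$ServerHost   = 'orchestrator.example.internal'
$serviceNames = 'PowerShellOrchestrator', 'PowerShellOrchestrator.Agent'

# Service state, start mode and logon account.
# Scripts dispatched to the agent run with the privileges of the RunsAs account.
$services = foreach ($name in $serviceNames) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($svc) {
        [pscustomobject]@{
            Service   = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            RunsAs    = $svc.StartName
        }
    }
    else {
        [pscustomobject]@{
            Service   = $name
            State     = 'NotInstalled'
            StartMode = $null
            RunsAs    = $null
        }
    }
}

# Reachability of the documented web interface ports from this machine.
$portList = @(
    @{ Port = 52866; Scheme = 'HTTPS' },
    @{ Port = 52865; Scheme = 'HTTP' }
)
$ports = foreach ($p in $portList) {
    $result = Test-NetConnection -ComputerName $ServerHost -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Server    = $ServerHost
        Port      = $p.Port
        Scheme    = $p.Scheme
        Reachable = $result.TcpTestSucceeded
    }
}

$services | Format-Table -AutoSize
$ports    | Format-Table -AutoSize
```

Run it on a machine in scope for agent deployment; a RunsAs value of LocalSystem means dispatched scripts execute with full local privileges on that host.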
Key capabilities include:
- Centralized storage and management of PowerShell scripts
- Remote script execution across distributed Windows agents
- On-demand and scheduled recurring job execution using cron expressions
- Real-time job status monitoring and execution history
- Script output forwarding to syslog targets for centralized logging in LT Auditor-MP
- Secure HTTPS/TLS communication between server and agents
- Role-based access control with forced password changes
- Support for both Windows PowerShell 5 and PowerShell Core 7
- Runs as a Windows service on Windows or as a systemd service on Linux
Common use cases:
- Automated assessment of Active Directory configuration and security posture
- Scheduled execution of compliance and security audit scripts across the environment
- Remote PowerShell script execution without requiring direct access to individual machines
- Centralized collection and forwarding of PowerShell script output to LT Auditor-MP
- Automating routine administrative tasks across distributed Windows infrastructure
How PowerShell Orchestrator fits into LT Auditor-MP:
PowerShell Orchestrator extends LT Auditor-MP’s capabilities into active script-based assessment and automation. Where other modules collect events passively as they occur, PowerShell Orchestrator actively executes scripts on demand or on a schedule, querying the state of your Windows environment and forwarding structured results to LT Auditor-MP for analysis, alerting, and compliance reporting.
[Your administrator should confirm which Windows machines are in scope for PowerShell Orchestrator agent deployment and which scripts will be used in your environment.]