Before installing PowerShell Orchestrator, confirm that your environment meets the following requirements for both the PowerShell Orchestrator Server and the Agent components.
PowerShell Orchestrator Server requirements:
| Requirement | Details |
| Operating System | Windows Server 2016 or newer, or Windows 10/11 |
| Runtime | .NET 9 Runtime (included in the installer) |
| Privileges | Administrator privileges required for installation |
| Network โ Inbound | HTTPS on port 52866, HTTP on port 52865 (optional) |
| Network โ Outbound | Outbound UDP/TCP to syslog targets (typically port 514) |
PowerShell Orchestrator Agent requirements:
| Requirement | Details |
| Operating System | Windows Server 2016 or newer, or Windows 10/11 |
| Runtime | .NET 9 Runtime (included in the installer) |
| Privileges | Administrator privileges required for installation |
| Network โ Outbound | HTTPS access to the PowerShell Orchestrator Server on port 52866 |
| Network โ Outbound | UDP/TCP access to syslog targets (typically port 514) |
| PowerShell | Windows PowerShell 5 or PowerShell Core 7 |
Network requirements:
| Port | Protocol | Direction | Purpose |
| 52865 | HTTP | Inbound to server | PowerShell Orchestrator Server web UI (optional) |
| 52866 | HTTPS | Inbound to server | PowerShell Orchestrator Server web UI and agent communication |
| 514 | UDP/TCP | Outbound from agents | Default syslog forwarding to LT Auditor-MP or other targets |
[Your administrator should confirm the exact ports required in your environment and ensure firewall rules are in place on both the server and all agent machines before proceeding with installation.]
Download packages:
Two separate installation packages are required:
| Package | Purpose |
| LTA_PSOrchestrator.msi | PowerShell Orchestrator Server installation |
| LTA_PSOrchestrator_Agent.msi | PowerShell Orchestrator Agent installation |
[Your administrator should confirm where to obtain the current installation packages for your environment.]
SSL certificate considerations:
The PowerShell Orchestrator Server automatically generates a self-signed TLS certificate during installation:
| File | Location | Purpose |
| PSOrchestrator.pfx | certs\ in the installation directory | Server TLS certificate used for HTTPS and agent communication |
The certificate password is stored in the machine-level environment variable:
LTAORCHESTRATOR_CERT_PASSWORD
For production deployments, replace the self-signed certificate with a certificate issued by a trusted Certificate Authority. If agents need to trust the self-signed certificate, export the server certificate and install it on each agent machine.
LT Auditor-MP requirements:
| Requirement | Details |
| LT Auditor-MP Server | Must be installed and running |
| Syslog Listener | Must be active and configured to receive PowerShell Orchestrator forwarded events |
[Your administrator should confirm the LT Auditor-MP syslog listener port and protocol before configuring targets in PowerShell Orchestrator.]
Prerequisites checklist:
- [ ] Server machine meets OS requirement โ Windows Server 2016 or newer or Windows 10/11
- [ ] Agent machines meet OS requirement โ Windows Server 2016 or newer or Windows 10/11
- [ ] Required firewall ports are open โ inbound 52865/52866 on server, outbound 52866 from agents to server
- [ ] LT Auditor-MP server is installed and running with syslog listener active
- [ ] Both installation packages are available
- [ ] SSL certificate approach is decided โ self-signed or CA-issued
- [ ] Administrator privileges are available on the server and all agent machines
- [ ] PowerShell 5 or PowerShell Core 7 is available on all agent machines
[Your administrator should complete this checklist before proceeding to the installation articles.]