Blue Lance

Bluelance 2.0
Get a demo
View Categories

Installing PowerShell Orchestrator

3 min read

PowerShell Orchestrator is installed on a Windows machine that has network access to your Active Directory domain controllers and Microsoft Entra ID tenant. The installation package is available as a zip file from the Blue Lance download portal. Complete the LT Auditor MP server installation before deploying PowerShell Orchestrator.

Prerequisites:

Before installing, confirm the following:

RequirementDetails
LT Auditor MP ServerMust be installed and running before deploying PowerShell Orchestrator
Operating SystemWindows Server 2019 or newer
PowerShell VersionPowerShell 5.1 or PowerShell 7+
WinRMMust be enabled on the machine running the orchestrator and all target endpoints
Service AccountA dedicated service account with read permissions across Active Directory and Entra ID
Network AccessMust be able to reach domain controllers, Entra ID, and the LT Auditor MP server
PrivilegesAdministrator privileges required on the installation machine
Download Packagelta-mp-orchestrator.zip obtained from the Blue Lance download portal

Download the PowerShell Orchestrator package:

[Your administrator should confirm whether packages are distributed internally or downloaded directly from the portal in your environment.]

Enabling WinRM on the installation machine:

If WinRM is not already enabled, run the following in PowerShell as Administrator:

Enable-PSRemoting -Force

Confirm WinRM is running:

Get-Service WinRM

The service should show as Running.

[Your administrator should confirm whether WinRM is managed via Group Policy in your environment before enabling it manually.]

Installation steps:

  1. Copy the lta-mp-orchestrator.zip package to the target Windows machine
  2. Extract the zip file to a working directory
  3. Open PowerShell as Administrator and navigate to the extracted directory:

cd C:\path\to\extracted\orchestrator

  1. If not already done, allow PowerShell scripts to run:

Set-ExecutionPolicy Unrestricted

  1. Run the installation script:

.\Install.ps1

  1. Follow any on-screen prompts during installation, including:
    • Entering the LT Auditor MP server IP address or hostname
    • Confirming the syslog port (default: 514)
    • Selecting the communication protocol (UDP, TCP, or TLS)
    • Entering the service account credentials to be used for Active Directory and Entra ID assessments
  2. Once installation is complete, reset the PowerShell execution policy:

Set-ExecutionPolicy Restricted

[Your administrator should fill in the exact installer prompts and any environment-specific options that appear during installation.]

Post-installation verification:

After installation completes, confirm that PowerShell Orchestrator is running and communicating with the LT Auditor MP server.

  1. Check the service status:

sc query PowerShellOrchestrator

The service should show as Running.

  1. In the LT Auditor MP Web UI, navigate to Admin โ†’ Modules and confirm the PowerShell Orchestrator instance appears with a status of Connected
  2. Check the PowerShell Orchestrator logs for any errors:

\Program Files\Blue Lance 2-0\PowerShellOrchestrator\Logs\

  1. Verify that assessment data is appearing in the LT Auditor MP View module by navigating to View and selecting the Active Directory environment

If the module does not appear as connected in the Web UI, confirm that no firewall is blocking communication between the installation machine and the LT Auditor MP server on the configured syslog port.

[Your administrator should note the specific port, protocol, and service account used in your environment, and document which machine PowerShell Orchestrator is installed on.]

Verifying service account permissions:

The service account used by PowerShell Orchestrator requires the following minimum permissions:

Active Directory:

  • Read access to all user, group, and computer objects in the monitored domains
  • Read access to Group Policy Objects (GPOs)
  • Read access to Active Directory Sites and Services

Microsoft Entra ID:

  • Directory.Read.All โ€” read access to directory objects
  • AuditLog.Read.All โ€” read access to audit logs
  • Policy.Read.All โ€” read access to conditional access and other policies

[Your administrator should confirm the exact permissions required in your environment and ensure the service account is configured accordingly before running the first assessment.]

active directory, connected, deployment, directory permissions, domain controller, entra id, entra id permissions, execution policy, getting started, group policy, installation, logs, modules, orchestrator service, post-installation, powershell, powershell orchestrator, powershell orchestrator installation, ps remoting, service account, service account permissions, services, syslogs, verification, windows, winrm

Powered by BetterDocs

Newsletter

Let's get started and
enjoy the power of LT Auditor MP

ยฉ Copyright , BLUE LANCE 2.0. All Rights Reserved.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by