How to use the PowerShell tile
About using PowerShell in Dashboard Server
You can use PowerShell to visualize data from external tools and data sources directly in your Dashboard Server dashboards. The PowerShell feature consists of three components:
PowerShell tiles contain the individual PowerShell script for the tile.
A PowerShell tile can be added to any of your dashboards. Each PowerShell tile consists of a PowerShell Run As account, an optional PowerShell profile, and a script that is inserted within the tile.
Since the script in the tile isn't encrypted you shouldn't store any sensitive data like passwords in a PowerShell tile.
Only administrators can add script to a PowerShell tile. Users who can edit tiles due to their Team Folder permissions can see the script, but they will get an error message when they try to save changes (for more information about security measures for users trying to edit sensitive tiles see Signing and security for sensitive tiles).
PowerShell profiles contain re-usable scripts with encrypted sensitive data.
A PowerShell profile is created once and then can be re-used in PowerShell tiles. Only administrators can create PowerShell profiles. Since PowerShell profile scripts are encrypted and can only be seen by administrators, you can safely store scripts that contain credentials, authentication tokens, etc. You can also load external modules in a profile (e.g. a VMWare module downloaded from the internet).
You can also use PowerShell profiles for more sophisticated code, for example if your tile needs to combine data from two different API connections, you can put credentials for both connections in the profile. Make sure to give your profile a meaningful description to remember which provider(s) the profile connects to and what it does with the data.
Dashboard Server users who can edit tiles due to their Team Folder permissions can use PowerShell profiles in their PowerShell tiles, but they can’t see the underlying script.
- PowerShell Run As accounts contain the credentials that define the permissions deciding how PowerShell scripts are run (both the script in the tile and the profile script chosen for the tile).
The PowerShell Run As account Default comes with every Dashboard Server installation and uses the Dashboard Server app pool identity to run the scripts. Since running PowerShell scripts within the Dashboard Server application pool process can pose a security risk and affect Dashboard Server performance, you can change the default Run As to use a different account.
You can also add new Run As accounts to be able to execute scripts with different credentials.
Required PowerShell version
Using PowerShell in Dashboard Server requires PowerShell version 5.1 and above. If you want to use .NET Core PowerShell scripts, you need to have .NET Core 5.0 installed.
If you are using HA, make sure .NET Core is installed on all HA machines. If you configured a tile to use the NET core option and try to view the tile on a HA machine that doesn't have .NET Core installed, the tile will display the error message "PowerShell host process returned errors: A fatal error occurred. The required library hostfxr.dll could not be found."
When do you use a PowerShell tile?
Since PowerShell tiles contain any PowerShell script you want, there are a lot of different use cases for them. Here are some examples:
You can use a PowerShell tile when the Web API tile is not sufficient for your requirements:
- You can retrieve and combine data from different APIs. For example, if you want a status to turn “critical” when two different sources return “unhealthy”, you can use a script that retrieves data from Pingdom and from PagerDuty. If only Pingdom or PagerDuty returns “unhealthy”, you want the status to be “unhealthy”, but if both sources return “unhealthy”, you want the status to turn “critical”.
- You can make several different API requests at once to the same API and bring them together in one visualization.
- You can manipulate API requests and responses. For example, if you want to include authentication tokens or other complexities in your API request.
- You can retrieve data from management tools that don’t support REST API.
You can access and visualize data from locally stored files (CSV and TXT). You can also merge data from the different file sources. For example, you can merge data from daily CSV log files into a monthly overview.
You can use a PowerShell tile when the SQL tile is not sufficient for your requirements:
- You can retrieve data from management tools that don’t support SQL.
- You can connect to non-SQL databases, such as Oracle, PostGre and MySQL.
If you're looking for some real-life examples of Dashboard Server dashboards, check out our GitHub Samples repository. You'll find dashboards built by the community as JSON exports you can use as templates for configuring your own dashboards.
How to configure a PowerShell tile
Add a new tile to a dashboard and choose the PowerShell tile.
Choose the visualization for your PowerShell tile:
ScalarA single value such as a number of customers or incidents.
Example:
GridA table of data, for example incidents or tickets.
Tip: You can turn the individual rows into links in the settings. For example, if you're displaying tickets in your grid, you can link the rows to the ticket in your external ticket system.
Did you know? Since Dashboard Server 5.4 users can search the grid, and temporarily change the column size and sorting of the grid (by clicking on the column headers) without having to access the settings. They can also expand a row by clicking on the three dots at the end of each row if cells are too small to show their entire content.
Line GraphShows data over time, in a graph with an x-axis (time) and a y-axis. You can show several objects, such as servers, in one graph.
Example:
SparklinesShows data over time (like line graphs), but each item gets its own graph instead of showing all lines in one graph.
Example:
Bar GraphVisualizes both a number and the resulting bar width based on the number value.
Example:
DonutShows the results in a donut shape.
Example:
Status IconsShows the state of items as icons with different colors. You can display just the icons or together with a description. You can also use a background image and drag the icons into position on the image.
Example:
Status BlocksShows the state of items as blocks with different colors.
Example:
Scope:
Select the scope for your tile (optional).
Scope options on dashboardsTip: If you experience any problems with scoping tiles, you'll find FAQs and help in the article How to scope tiles.
List List allows you to select one or more objects or groups.
You can add multiple
objects and groups . To remove anobject or group click the x to the right of its name.Tip: Start typing and after two characters you'll see suggestions that match the name appear.
Tips for using wildcards when searching for objects or groupsBy default searching will look for the top 10 items containing the words listed in the search. If you wish to create a more specific search you will need to use wildcards (*).
If you place a wildcard after the term you are looking for, it will find all the objects which start with that word searched and any terms that may follow. If you place a wildcard at the start of the search term, it will look for objects that contain the searched word and also have terms before that word.
If you enclose your searched term in wildcards it will look for objects which contain the searched word, this object will not begin or end with the term searched.
Group Group allows you to select members of a specific group. Only one group can be selected.
Advanced Advanced allows you to select a group, class or both. You must at least define either a group or class. You can define both. You can also use criteria to narrow down your selection.
Group:
Same as the group option above.
Class:
Class equates to the target class within SCOM. As you type the dropdown will be populated with suggestions of matching classes from SCOM, from which you can select the required class.
Criteria:
Criteria allows you to create an expression to further refine the scope.
Examples for commonly used criteriaObjects you would like to see Criteria Objects with particular text in their name DisplayName like '%Server1%'
Objects starting with a particular string DisplayName like 'test%'
All objects in maintenance mode InMaintenanceMode = 'TRUE'
Only healthy objects HealthState = 1
Objects with a health state in SCOM of 0, an unknown health state (uninitialized), a gray health state icon with a question mark. HealthState = 0
Objects that are not healthy HealthState != 1
Objects in critical state HealthState = 3
Objects in critical or warning state HealthState = 2 or HealthState = 3
To show all gray uninitialised objects HealthState = 0 OR HealthState IS NULL
All objects not in maintenance mode InMaintenanceMode != 'TRUE'
Objects where the parent agent is offline IsAvailable='false'
Objects that are offline, in maintenance or state unknown IsAvailable='false' OR InMaintenanceMode=1 OR HealthState=0
Computers with a particular OS OSVersion = '6.3.9600'
List objects by name and filter by HealthState (Name like '%Server3%' OR Name like '%Server4%' OR Name like '%Server2%') AND HealthState=3
List objects by SCOM Id and filter by HealthState Id IN ('7021174b-9e5d-5fbf-878a-42b9f0bf6f4a', '9bd4a1cc-f07a-0e36-b37d-d9ee974e0f3c') AND HealthState=3
Exclude object from the Group specified DisplayName not like '%server3%'
Exclude objects from the Group specified (DisplayName NOT LIKE '%server3%') AND (DisplayName NOT LIKE '%server4%')
For more information see:
Scope options on perspectivesNote: If you never used a perspective, you should read Working with perspectives before scoping tiles on perspectives.
The power of perspectives is that tiles on a perspective can use a dynamic scope. A dynamic scope considers the currently viewed
object . A dynamic scope consists of two different states:the configuration of the scope in the tile (for example, "consider child objects of type logical disk for the currently viewed object")
the actual resolved scope that depends on which
object you are currently viewing ("this object has 5 child objects of type logical disk")
After configuring the dynamic scope once in the tile, you'll get different results depending how the scope is resolved on the different
objects you are viewing.Suggestions
Suggestions are generated based on the object you are currently viewing. You'll see a list of relevant scope options based on the object's relations to other objects. Suggestions don't cover every possible scope, but they are a quick and easy way to select a suitable scope for your tile.
Note: Suggestions won't be shown if an object has no children, parents or siblings.
Tip: If the exact scope you want isn't listed in the suggestions, you can select a suggested scope that is similar to the one you want, and then click on custom. The custom section will now automatically be filled with the suggestion you picked and you can edit the scope here to adjust it exactly to your needs. This is a more intuitive way to pick a scope than starting in the custom section and navigating the SCOM object model for classes and groups.
Double-check the scope when using suggestions: Using suggestions is an easy way to pick a scope, but you need to make sure that the generated suggestion is appropriate for all objects that use the perspective.
For example, when you pick a suggestion for an EA, you will get suggestions that are specific to the map, dependencies, and availability tests for this one EA. On perspectives you want to use for all EAs, you have to change the scope suggestion in the custom section so that the tile work for all EAs.Walkthrough: Editing a scope suggestion to make it work for all EAsEnterprise Applications are designed so that you can map out the servers that make up the application. You can then configure tiles to show information related to just the servers on the EA's map. When you create a perspective that will be used for all EAs, you need to make sure that you scope the tiles so that they work for any EA. When you start with a suggestion, the tile's scope only works for the one EA you're currently looking at, and this is why you need to edit the scope:
For an EA you want to scope to the servers that are specified on the EA map by selecting something from the suggestions (Dashboard Server 4.2 and above) that shows something similar to the following:
This /<YourApplicationName> Map / ... / Windows Computer
The above will scope the tile to all the objects of class Windows Computer on this EAs map.
The screenshot below shows some scope suggestions for an application called FinanceXS. The bold text shows the currently selected scope is This object. The cursor shows the option
This / FinanceXS / ... / Windows Computer
. Once chosen this scope will show all the Windows computers shown on the applications map.Next, we need to adjust the specified scope to allow it to work for all EAs, rather than just this one.
- In the scope section click custom.
Click on the text
<YourApplicationName> Map (children)
which is your first scope step. This will expand the scope step so you can edit it.Remove the auto-populated class
<YourApplicationName> Map
by clicking the cross x next to it.Start typing
Enterprise Application - Map
and select this from the list to add this class. This is so that this tile scope will work for all EAs, rather than just this one EA.- The scope is now configured to show all the Windows computers on the EA's map, whichever EA you happen to be viewing with the perspective.
How to read the suggestionsYou can pick between "this object" and objects that are related to this object as parents, children or siblings. The suggestions for children are written as paths that follow the SCOM object tree structure, parents and siblings can be identified by the word parent or sibling in the suggestion.
A parent of an object is any object that hosts or contains that object.
A child of an object is any object that this object hosts or contains.
A sibling of an object is any object of the same class that is hosted by the same parent.This object The dynamic scope will be resolved to the object currently viewed.
"this object" option which does NOT mean the actual one object like for the target setting but the relative object I'm looking at
This / child
/child
/class of object
The dynamic scope will be resolved to children of the object currently viewed.
You select objects of a particular class that are contained in path. The class of the objects you are selecting is stated at the end of the path.
This / * The dynamic scope will be resolved to children of the object currently viewed.
If a path ends with a wildcard (*) it means that you select all objects of any class within the path.
Technically it means that we fill the class field with the class "logical entity" since every object in SCOM has this class, it is a "base" class
Example:
This / IIS Web Server / *
selects all objects of any class in the level belowThis / IIS Web Server
.This / child
/ ... /class of object
The dynamic scope will be resolved to children of the object currently viewed.
If a path contains an ellipsis (...) it means that you select objects of a particular class that are contained in all of the objects that are contained in the path preceding the ellipsis. The class of the objects you are selecting is stated at the end of the path.
Example:
This / Sales App Map / ... / Windows Computer
selects all objects of the class Windows Computer in theThis / Sales App Map
path.Parent class of object
The dynamic scope will be resolved to parents of the object currently viewed. Sibling class of object
The dynamic scope will be resolved to siblings of the object currently viewed. Show more triangle next to a suggestion
You can click the show more triangle to expand the list of suggestions and see more specific paths.Example for navigating suggestions in an EAIf you are looking at an EA, the path to find all windows computers in that EA may read
Map / ... / Windows Computer
. It returns all objects of the Windows Computer class contained within all of the paths underMap
.To narrow the scope down, you can click on the triangle to expand the suggestion and select one of the more specific paths. If you select
Map / Web / Windows Computer
you will find all objects of the Windows Computer class in the pathMap / Web
.If you choose the option
Map / *
you'll find all objects contained in the map. If you extend this suggestion by clicking on the triangle, you'll see suggestions to select all objects in a more specific path, for exampleMap / Web / *
.Custom
Here you can pick objects that are related to the object you are currently looking at. If you want to create a specific scope that is not listed under suggestions, you can create the scope here.
Tip: You can pick a similar scope under suggestions first and then click on custom to edit it.
How to pick a simple relation (one step through the SCOM model)At the top, you'll see the name of the object you are currently looking at. Now you can choose if you want to pick parents or children of that object, and if this parent or child relation should be considered only one level up or down the SCOM model or through all levels.
Class:
Here you pick the class of the objects you want to select. If you leave this field empty, the scope falls back to the "this object" scope.
Note: You will only see groups and classes that the object you are currently looking at is a member of.
Tip: If you want to pick objects of any class, enter the SCOM base class logical entity in the class field.
Tip: If you want to find out what classes the object you are interested in belongs to, you can go to the Monitored Entity perspective of that object. You'll see all the classes the object belongs to listed there.
Criteria:
You can narrow the selection of objects of a particular class down further by entering criteria for those objects. For more help see How to use criteria when scoping objects.
Tip: If you want to find out what properties you can base your criteria on, you can go to the Monitored Entity perspective of the object you are interested in. You'll see all the properties for criteria listed there.
.
Example for picking a simple relationFor example, for a perspective created for the group IIS8 Computer Group adding a Status tile scoped to show children with a class of
object
will show the group members, i.e. the members of the IIS8 Computer Group.How to pick advanced relations (multiple steps through the SCOM model)If you need to traverse a more advanced SCOM object model like an EA, you can use the + button to add more steps. This creates a scope that can go through any kind of path of the SCOM object model.
Complete the following steps and then click the + button after you're done to add the next level of SCOM objects:
At the top, you'll see the name of the object you are currently looking at. Now you can choose if you want to pick parents or children of that object, and if this parent or child relation should be considered only one level up or down the SCOM model or through all levels.
Class:
Here you pick the class of the objects you want to select. If you leave this field empty, the scope falls back to the "this object" scope.
Note: You will only see groups and classes that the object you are currently looking at is a member of.
Tip: If you want to pick objects of any class, enter the SCOM base class logical entity in the class field.
Tip: If you want to find out what classes the object you are interested in belongs to, you can go to the Monitored Entity perspective of that object. You'll see all the classes the object belongs to listed there.
Criteria:
You can narrow the selection of objects of a particular class down further by entering criteria for those objects. For more help see How to use criteria when scoping objects.
Tip: If you want to find out what properties you can base your criteria on, you can go to the Monitored Entity perspective of the object you are interested in. You'll see all the properties for criteria listed there.
.
Other specific objects
Gives you the normal, non-dynamic scope options you are used to when scoping tiles on dashboards. This means the tile will not dynamically adapt it's content to the currently viewed
object , it will always show data for the staticobject picked here.Since the power of perspectives is that their tiles can show data for different
objects depending on whatobject is currently being viewed, you should only select this option when you are sure that there is no relationship between the desired scope and the currently viewedobject .Notes for selecting the scope for Status Icons or Blocks Which status is displayed depends on what you choose as a scope:
If you want to see the status of individual objects (for example, two individual servers), select multiple objects in the list section.
If you want to see the status of a group itself rather than the individual objects within the group, select a group in the list section.
If you want to see the status of each individual group member of a group, select a group in the group section.
If you want to see the health state of all groups, select the class "group" in the advanced section.
Run As
Choose the Run As account you want to use for running the profile and the script in this tile. Choosing a Run As is mandatory. If you haven't configured any Run As accounts, the tile will use the Default Run As.
Note: If you click on add new, you can create a new Run As in a new tab. Click on reload after you created the new Run As to be able to choose it from the drop-down.
About Run As accountsPowerShell Run As accounts contain the credentials that define the permissions deciding how PowerShell scripts are run (both the script in the tile and the profile script chosen for the tile).The PowerShell Run As account Default comes with every Dashboard Server installation and uses the Dashboard Server app pool identity to run the scripts. Since running PowerShell scripts within the Dashboard Server application pool process can pose a security risk and affect Dashboard Server performance, you can change the default Run As to use a different account.
You can also add new Run As accounts to be able to execute scripts with different credentials.
Jump to Managing PowerShell Run As accounts to learn more about Run As accounts.
Profile
If you want to use a PowerShell profile for this tile, choose the profile (optional).
Note: If you click on add new, you can create a new profile in a new tab. Click on reload after you created the new profile to be able to choose it from the drop-down.
About profilesPowerShell profiles contain re-usable scripts with encrypted sensitive data.
A PowerShell profile is created once and then can be re-used in PowerShell tiles. Only administrators can create PowerShell profiles. Since PowerShell profile scripts are encrypted and can only be seen by administrators, you can safely store scripts that contain credentials, authentication tokens, etc. You can also load external modules in a profile (e.g. a VMWare module downloaded from the internet).
You can also use PowerShell profiles for more sophisticated code, for example if your tile needs to combine data from two different API connections, you can put credentials for both connections in the profile. Make sure to give your profile a meaningful description to remember which provider(s) the profile connects to and what it does with the data.
Dashboard Server users who can edit tiles due to their Team Folder permissions can use PowerShell profiles in their PowerShell tiles, but they can’t see the underlying script.
Advanced
Execution environment:
Choose the execution environment your PowerShell script was intended for to make sure it gets executed correctly:
Windows PowerShell (.NET framework)
PowerShell (.NET Core)
Note:
The .NET Core option is only available if it is installed on your server, .NET Core is not automatically installed with Dashboard Server.
Note:
If you are using HA, make sure .NET Core is installed on all HA machines. If you configured a tile to use the NET core option and try to view the tile on a HA machine that doesn't have .NET Core installed, the tile will display the error message "PowerShell host process returned errors: A fatal error occurred. The required library hostfxr.dll could not be found."
Interval:
The interval enables you to limit how often a script gets executed in Dashboard Server. For example, you might want to run a script less frequently if it makes a request to an API that charges you per request or an API that puts a limit on how many requests you can make within a time period.
How does the interval affect how often PowerShell scripts are run in Dashboard Server?
By default, a PowerShell script will be executed every time the dashboard refreshes (every minute). If you set the interval to 10 mins, you create a 10 min cache for your script results and your script won't run until the last fetched results are 10 mins old.
The interval is not a schedule, it does not trigger a script execution every 10 mins. Scripts will only be executed when the dashboard is reloaded and the results in the cache are older than the interval (10 mins in this example). The cache is valid for all users, which means if another user opens the same dashboard in Dashboard Server or via Open Access and the script has been executed 5 mins ago, they see the cached results immediately but have to wait for 5 mins to see fresh results.
Can multiple tiles share the same cache?
Identical tiles share the same cache. For tiles to be considered identical, the JSON code of both tiles needs to be identical. If you want to use identical tiles to reduce the load on the back-end, you can copy the JSON from one tile and paste it into a different tile.
The shared cache works across your whole Dashboard Server instance on:- All dashboards (including Open Access dashboards), as long as they use the same page timeframe
- Perspectives for the same object on the same drill-down using the same page timeframe
Timeout:
You can control when the script will run into a timeout. By default, scripts will be aborted after 1 min. You can define a longer timeout for long running scripts.
Best practice:
Even if you can use long running scripts by setting the timeout to several minutes, you shouldn't use scripts that run for a long time. Long running scripts lead to tiles that show a loading spinner for minutes and are not user-friendly.
Tip:
Instead of setting the timeout for scripts to a longer time, run the script outside of Dashboard Server periodically, and store the results in a CSV file. Create a PowerShell tile that accesses and visualizes the results in the CSV file.
Script:
Insert the PowerShell script you want to use. You can view your script's response data in the next step.
Using the scope in your PowerShell scriptIf you defined a scope, you can use the mustache picker to insert values that refer only to the defined scope.
Values that refer to the defined scope carry the prefix
$scope.
before the value. If you picked a group as the scope, the$scope.
prefix can have numbers that indicate the number of the item in the group (for example,$scope[0]
). If you use values in the script without the$scope.
prefix, those values will ignore the scope you chose.Using the page timeframe in your PowerShell scriptYou can make your PowerShell scripts responsive to the current page timeframe setting:
Since the timeframe values are strings, you need to convert the
$timeFrame
variable into aTimeSpan
object:Copy$timeSpan = [TimeSpan]::MaxValue
switch ($timeFrame) {
"last1Hour" { $timeSpan = [TimeSpan]::FromHours(1) }
"last12Hours" { $timeSpan = [TimeSpan]::FromHours(12) }
"last24Hours" { $timeSpan = [TimeSpan]::FromHours(24) }
"last7Days" { $timeSpan = [TimeSpan]::FromDays(7) }
"last30Days" { $timeSpan = [TimeSpan]::FromDays(30) }
"last3Months" { $now = [DateTime]::Now; $timeSpan = $now - $now.AddMonths(-3) }
"last6Months" { $now = [DateTime]::Now; $timeSpan = $now - $now.AddMonths(-6) }
"last12Months" { $now = [DateTime]::Now; $timeSpan = $now - $now.AddYears(-1) }
}
"TimeSpan is {0}" -f $timeSpanThe above script returns a
TimeSpan
object calculated from the$timeFrame
variable as the following:Script examples for ScalarsYou need to have maximum 1 of:
- numeric data type (
System.Byte, System.Int16, System.Int32, System.Int64, System.Single System.Double
, orSystem.Decimal
) System.DateTime
System.String
Alternatively, return an object with a single property of one of the above types.
Example:
CopyGet-Process | Measure-Object
Script examples for GridsYou need to return a collection of objects. The properties can be of any data type, but a property of a given name should have a consistent data type across the collection.
Example:
CopyGet-Process | select Id,Name | sort Name
Script examples and Column Overrides for Line Graphs and Spark LinesYou need to return a collection of objects. And each object must have:
- for "timestamp": min 1
System.DateTime
property - for "value": min 1 property of numeric data type (
System.Byte, System.Int16, System.Int32, System.Int64, System.Single System.Double
, orSystem.Decimal
) - optional, for "grouping": min 1
System.String
property
Example:
Copy$rnd = New-Object Random
$date = [DateTime]::Now.Date
$i = 0
$sampleTime = $date + [TimeSpan]::FromMinutes($i)
while ($sampleTime -lt [DateTime]::Now) {
$sample = $rnd.Next(0,100)
New-Object PSObject -Property @{
time = $sampleTime;
time2 = $sampleTime;
val = $sample;
val2 = $sample * 2;
}
$i++
$sampleTime = $date + [TimeSpan]::FromMinutes($i)
}Column Overrides
You only see the Grouping field in the Column Overrides when your script returns at least one
string
property for each object.Here you define how the returned data is displayed. Use the dropdowns to specify which data/column you want to use:
timestamp
Here you define the time series for the x-axis of the graph.
value
Here you define which value the graph will show. For example, if you want to see the response time of different servers, your metric value would be response time. If you want to see the number of tickets, your metric value would be number (of tickets).
show all: If there are multiple values, you can display these by ticking this box. Each value will get its own series (a line in a line graph, a bar in a bar graph etc.).
grouping
Here you can define a group to take a closer look at the graph's value(s). Each item in the group will create its own series (a line in a line graph, a bar in a bar graph etc.). For example, if you group the value response time by servers on a line graph, you'll see one line per server, each line showing you the response time for this one server over time.
Script examples and Column Overwrites for Bar Graphs and DonutsYou need to return a collection of objects. Each object must have:
- For "value": min 1 property of numeric data type (
System.Byte, System.Int16, System.Int32, System.Int64, System.Single System.Double
, orSystem.Decimal
) - For "grouping": min 1
System.String
property
Example:
Copydir | group-object Extension | sort -property Count -desc
Column Overwrites:
You only see the Grouping field in the Column Overrides when your script returns at least one
string
property for each object.Here you define how the returned data is displayed. Use the dropdowns to specify which data/column you want to use:
value
Here you define which value the graph will show. For example, if you want to see the response time of different servers, your metric value would be response time. If you want to see the number of tickets, your metric value would be number (of tickets).
Only for Bar Graphs:
show all: If there are multiple values, you can display these by ticking this box. Each value will get its own series (a line in a line graph, a bar in a bar graph etc.).
grouping
Here you can define a group to take a closer look at the graph's value(s). Each item in the group will create its own series (a line in a line graph, a bar in a bar graph etc.). For example, if you group the value response time by servers on a line graph, you'll see one line per server, each line showing you the response time for this one server over time.
Script examples for Status Icons or BlocksYou need to return a property named state and this must contain the following values: Healthy, Critical, and/or Warning. The values are not case-sensitive.
Any other state values will be displayed as Unknown (gray tile).
The state values define the color of the status icons or blocks:
Healthy
green Warning
yellow Critical
red Unknown
gray Example:
Copy@{ state = "healthy"; id = "1"; name = "Object 1"; metric = "90%" }
@{ state = "healthy"; id = "2"; name = "Object 2"; metric = "83%" }
@{ state = "warning"; id = "3"; name = "Object 3"; metric = "63%" }
@{ state = "critical"; id = "4"; name = "Object 4"; metric = "22%" }
@{ state = "error"; id = "5"; name = "Object 5"; metric = "unknown" }Click next.
- numeric data type (
Response data:
Here you can check if your script works and returns the expected data.
Configure the settings for the visualization you chose:
Settings for ScalarsScalar
Font size Allows you to set the font size of the value in the tile.
Unit Allows you to add a unit to the value displayed in the Scalar tile. For example, if your value shows a time in milliseconds, you can enter "ms" or if your value shows pageviews, you can enter "pageviews".
Value formatter Allows you to format the value by using the mustache picker. For example, you can round the value up or down or convert it.
Conditional formatting:
You can display the scalar in different colors based on conditions you defined here. For example, you can display the scalar in green when the value is below 100 and in red when it is above 100.
Click on add to configure a condition.
Click on select color.... to open the color picker. Select the color for this condition.
Enter your condition in the field next to the color. You can use the
value
property and manipulate it with JavaScript String and Regex APIs. When you click on the mustache picker, you'll get some examples:Value is greater than something, less than something, etc.
For example:
{{value < 10}}
(The color you picked will be used if the value is less than 10)Value is present in the result
For example:
value.IndexOf('error') != -1
(The color you picked will be used if the string value "error" is present in the results)Value matches one of the regular expressions you defined
For example:
value.match(/healthy|good|up/)
(The color you picked will be used if the string values arehealthy
,good
, orup
)
Display:
Here you decide how the color is used:
Tile background Highlight the tile in the color you defined. Text foreground
Display the text in the color you defined. Link options
Allows you to turn the graph item(s) into links. You can either enter plain text to create a fixed link (URL always stays the same) or use dynamic properties to create a dynamic link.
Dynamic links make use of dynamic properties which are inserted as part of the URL. This creates a template URL that will be resolved to an actual URL based on the items properties.
For example, if you want to link to tickets in your ticket system and the format of the URL for tickets in your system is
https://www.my-system/ticket-123
, where123
is the ticket ID, you can use the dynamic property that contains the ticket ID and enter the dynamic URLhttps://www.my-system/ticket-{{ticketID}}
.For scalars, you can only use the dynamic property
value
in dynamic links, which means the link changes when the value of the scalar changes. Since a scalar is just one item, it would also make sense to use a fixed link, for example the link to the website of which you are displaying the response time.For status icon or bars and the rows of a grid, you usually want to use a dynamic link since you get multiple items or rows that represent different things. You can use any of the dynamic properties the mustache picker offers you.
Examples for URLs with dynamic properties for popular APIsDynamic mustache properties and values you need to change according to your instance are highlighted in bold.
ServiceNow incidents:
https://<your-instance>.service-now.com/nav_to.do?uri=%2Fincident.do%3Fsys_id%3D{{sys_id}}
PagerDuty incidents:
{{incident.html_url}}
Azure DevOps projects:
https://dev.azure.com/<your-instance>/{{name}}
Azure DevOps builds:
https://dev.azure.com/<your-instance>/_build/results?buildId={{id}}
Zendesk tickets:
https://<your-instance>.zendesk.com/agent/tickets/{{id}}
Azure Application Insights
https://portal.azure.com/#@squaredup.net/resource/{{ResourceId}}
Settings for GridsGrid columns
Grid columns opens the grid designer, where you can show or hide columns, change the order of columns, edit column names or add custom columns.
Grid options
Row link Allows you to turn the graph item(s) into links. You can either enter plain text to create a fixed link (URL always stays the same) or use dynamic properties to create a dynamic link.
Dynamic links make use of dynamic properties which are inserted as part of the URL. This creates a template URL that will be resolved to an actual URL based on the items properties.
For example, if you want to link to tickets in your ticket system and the format of the URL for tickets in your system is
https://www.my-system/ticket-123
, where123
is the ticket ID, you can use the dynamic property that contains the ticket ID and enter the dynamic URLhttps://www.my-system/ticket-{{ticketID}}
.For scalars, you can only use the dynamic property
value
in dynamic links, which means the link changes when the value of the scalar changes. Since a scalar is just one item, it would also make sense to use a fixed link, for example the link to the website of which you are displaying the response time.For status icon or bars and the rows of a grid, you usually want to use a dynamic link since you get multiple items or rows that represent different things. You can use any of the dynamic properties the mustache picker offers you.
Examples for URLs with dynamic properties for popular APIsDynamic mustache properties and values you need to change according to your instance are highlighted in bold.
ServiceNow incidents:
https://<your-instance>.service-now.com/nav_to.do?uri=%2Fincident.do%3Fsys_id%3D{{sys_id}}
PagerDuty incidents:
{{incident.html_url}}
Azure DevOps projects:
https://dev.azure.com/<your-instance>/{{name}}
Azure DevOps builds:
https://dev.azure.com/<your-instance>/_build/results?buildId={{id}}
Zendesk tickets:
https://<your-instance>.zendesk.com/agent/tickets/{{id}}
Azure Application Insights
https://portal.azure.com/#@squaredup.net/resource/{{ResourceId}}
Show column headers You can choose between showing or hiding the header for all columns.
Expand rows automatically Activate this checkbox if you want the row height to expand automatically based on the row content, for example if your grid uses increased text size, images, emojis etc.
Limit number of results displayed You can set a limit of the initial number of results displayed in the grid. If you have set a limit and there are more results to display, users will see a "show all" button below the grid.
Font size Use the slider to adjust the font size.
Tip for column sizing: You can change the column width directly in the grid by clicking on the divider lines between columns and dragging them to the width you want. You need to show column headers (by activating the show column headers check box) to be able to change the column width.
Resizing columns while in edit mode affects how the grid looks by default when users open the dashboard. Users can temporarily change the column sizes by dragging them, but those changes only last until they leave the page.Settings for Line GraphsData range
The Data Range option allows you to choose the range of data the graph will display. For line graphs, this means the data on the y-axis.
percentage Shows 0 to 100 fit to data Shows the data minimum to data maximum fit to data (from zero) Shows from 0 to the data maximum custom Allows you to specify the min and max custom fit Allows you to specify the min and max limits, so that data outside your settings will not be shown. If all the data falls within your specified ranges then the y-axis range will fit to the data rather than your caps.
Display
Height: Allows you to set the height of the tile with a slider.
Label
Allows you to change the label of the results.
Show legend:
Allows you to show or hide the legend of the graph.
Label:
auto Choose this option if you want to use the default label that has been created automatically.
custom
Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
Settings for SparklinesData Range
The Data Range option allows you to choose the range of data the graph will display. For line graphs, this means the data on the y-axis.
percentage Shows 0 to 100 fit to data Shows the data minimum to data maximum fit to data (from zero) Shows from 0 to the data maximum custom Allows you to specify the min and max custom fit Allows you to specify the min and max limits, so that data outside your settings will not be shown. If all the data falls within your specified ranges then the y-axis range will fit to the data rather than your caps.
Label
Allows you to change the label of the results.
auto Choose this option if you want to use the default label that has been created automatically.
custom
Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
Settings for Bar GraphsNote: If you want to return results in a specific order, you need to sort the results within your script since there is no sorting panel in the settings.
Data Range
The Data Range option allows you to choose the range of data the graph will display. For line graphs, this means the data on the y-axis.
percentage Shows 0 to 100 fit to data Shows the data minimum to data maximum fit to data (from zero) Shows from 0 to the data maximum custom Allows you to specify the min and max custom fit Allows you to specify the min and max limits, so that data outside your settings will not be shown. If all the data falls within your specified ranges then the y-axis range will fit to the data rather than your caps.
Label
Allows you to change the label of the results.
auto Choose this option if you want to use the default label that has been created automatically.
custom
Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
Color
Here you can enable or disable graph color matching.
Settings for DonutsSort
Sort allows you to change the order of the results displayed. You can sort by value (ascending or descending) or label (alphabetically ascending or descending).
Display
Size mode:
Default Displays the donut scaled to the height of the tile. Fill Enlarges the donut to use the whole width of the tile. If you chose the fill option and show the legend, you can define the size of the legend with a slider. Show legend:
Allows you to show or hide the legend of the graph.
Display mode:
Allows you to switch between displaying absolute values or percentages.
Color palette:
Here you can choose between different color palettes.
Note: If there are more items than colors, the colors repeat from the beginning.
Tip for displaying priorities or health states: If you want to display priorities or health states from a data source that doesn't enrich the data with information about priority or health (like the SQL tile or external APIs), use the custom color option and map the results to the correct color. This way, you can make sure that healthy or low priority results are displayed in green, unhealthy or high priority results are displayed in red, etc. If you use the color palettes Priorities, Health1, or Health2 the colors get assigned depending on how the results are sorted, which doesn't guarantee that the colors make sense for the priority or state they represent.
General 10 different colors without specific meaning Priorities 5 different colors representing 5 different priority states Health1 3 different colors representing 3 different health states
(red=unhealthy, green=healthy, gray=unknown)Health2 4 different colors representing 4 different health states
(red=critical, orange=unhealthy, green=healthy, gray=unknown)Pastel 10 different pastel colors without specific meaning Blue 4 different shades of blue from dark to light Orange 4 different shades of orange from dark to light Green 4 different shades of green from dark to light Pink 4 different shades of pink from dark to light Custom Here you can choose colors and map them to a value.
Click on Select color... to select a color and enter the name of the value that you want to display in that color. Make sure you spell the value's name correctly (case-sensitive), otherwise the color won't be assigned to it.
Note if your color mapping doesn't work (color stays gray)If you entered the value's name correctly (case-sensitive) and your mapping still doesn't work, check if the mapping value contains leading or trailing spaces. Try to enter the value with and without those spaces. Alternatively, you can remove spaces from the mustache expression and enter the values without spaces.
Example:
Mustache expression with leading and trailing spaces in the values:
{{#if Status == "1" }} Healthy {{elseif Status == "2" }} Down {{elseif Status == "3" }} Warning {{/if}}
Mustache expression without spaces in the values:
{{#if Status == "1" }}Healthy{{elseif Status == "2" }}Down{{elseif Status == "3" }}Warning{{/if}}
Settings for Status IconsLink options
item link:
Allows you to turn the graph item(s) into links. You can either enter plain text to create a fixed link (URL always stays the same) or use dynamic properties to create a dynamic link.
Dynamic links make use of dynamic properties which are inserted as part of the URL. This creates a template URL that will be resolved to an actual URL based on the items properties.
For example, if you want to link to tickets in your ticket system and the format of the URL for tickets in your system is
https://www.my-system/ticket-123
, where123
is the ticket ID, you can use the dynamic property that contains the ticket ID and enter the dynamic URLhttps://www.my-system/ticket-{{ticketID}}
.For scalars, you can only use the dynamic property
value
in dynamic links, which means the link changes when the value of the scalar changes. Since a scalar is just one item, it would also make sense to use a fixed link, for example the link to the website of which you are displaying the response time.For status icon or bars and the rows of a grid, you usually want to use a dynamic link since you get multiple items or rows that represent different things. You can use any of the dynamic properties the mustache picker offers you.
Examples for URLs with dynamic properties for popular APIsDynamic mustache properties and values you need to change according to your instance are highlighted in bold.
ServiceNow incidents:
https://<your-instance>.service-now.com/nav_to.do?uri=%2Fincident.do%3Fsys_id%3D{{sys_id}}
PagerDuty incidents:
{{incident.html_url}}
Azure DevOps projects:
https://dev.azure.com/<your-instance>/{{name}}
Azure DevOps builds:
https://dev.azure.com/<your-instance>/_build/results?buildId={{id}}
Zendesk tickets:
https://<your-instance>.zendesk.com/agent/tickets/{{id}}
Azure Application Insights
https://portal.azure.com/#@squaredup.net/resource/{{ResourceId}}
Label
Allows you to change the label of the results.
name Choose this option if you want to use the default label that has been created automatically.
custom Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
Sublabel
Allows you to add a sublabel of the results.
custom Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
none By default, no sublabels are shown. Sort
Sort allows you to change the order of the results displayed. You can also group them by their characteristics.
default By default, the sorting of the blocks or icons depends on the data source. This can be alphabetical sorting or the order in which data comes back from an API request.
sort by
Sort by label or health state, ascending or descending
group by Group by label or health state, ascending or descending
Image
Here you can choose one of the provided images or upload your own.
Tip: If you want a different selection of maps, you can download more at https://freevectormaps.com/Supported image formats: png, jpg, jpeg, gif, tif, tiff. svg, bmp
Tip: SVG images resize best since they are vector images.File size limit: 10MB
Image size: Images fill the size of the tile, which means you can resize the image by adjusting the tile's size. The size of the tile also depends on the screen the dashboard is being viewed on.
Icons
Here you can customize the icons on the image:
You can change the size of the icons with the slider
You can change the shape of the icons (square or circle)
You can drag the icons on the image into position
Display styles for Status icons
This setting is not done in a panel, you can change the display style even after you finished configuring the tile.
You can use toggle zoom button at the top right of the tile to change between the different ways Status icons can be displayed.
One long list Column list Icons only Settings for Status BlocksLink options
item link:
Allows you to turn the graph item(s) into links. You can either enter plain text to create a fixed link (URL always stays the same) or use dynamic properties to create a dynamic link.
Dynamic links make use of dynamic properties which are inserted as part of the URL. This creates a template URL that will be resolved to an actual URL based on the items properties.
For example, if you want to link to tickets in your ticket system and the format of the URL for tickets in your system is
https://www.my-system/ticket-123
, where123
is the ticket ID, you can use the dynamic property that contains the ticket ID and enter the dynamic URLhttps://www.my-system/ticket-{{ticketID}}
.For scalars, you can only use the dynamic property
value
in dynamic links, which means the link changes when the value of the scalar changes. Since a scalar is just one item, it would also make sense to use a fixed link, for example the link to the website of which you are displaying the response time.For status icon or bars and the rows of a grid, you usually want to use a dynamic link since you get multiple items or rows that represent different things. You can use any of the dynamic properties the mustache picker offers you.
Examples for URLs with dynamic properties for popular APIsDynamic mustache properties and values you need to change according to your instance are highlighted in bold.
ServiceNow incidents:
https://<your-instance>.service-now.com/nav_to.do?uri=%2Fincident.do%3Fsys_id%3D{{sys_id}}
PagerDuty incidents:
{{incident.html_url}}
Azure DevOps projects:
https://dev.azure.com/<your-instance>/{{name}}
Azure DevOps builds:
https://dev.azure.com/<your-instance>/_build/results?buildId={{id}}
Zendesk tickets:
https://<your-instance>.zendesk.com/agent/tickets/{{id}}
Azure Application Insights
https://portal.azure.com/#@squaredup.net/resource/{{ResourceId}}
Label
Allows you to change the label of the results.
name Choose this option if you want to use the default label that has been created automatically.
custom Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
Sublabel
Allows you to add a sublabel of the results.
custom Here you can change the label to a custom label. You can use static text and dynamic properties. Use the mustache picker to select dynamic properties from the response data to use them as labels.
For more information see How to use Custom Labels
Important note if you are using external API properties with hyphens for custom labels (Web API tile, Elasticsearch tile, Splunk tile)Property names that contain hyphens (for example
properties.name-with-hyphens
) can't be processed due to a JavaScript limitation. If you want to use a property that contains a hyphen, you have two options:If you have access to the data source and can change the name of the property, change the name of the property to a name without hyphens.
For example, if your Elasticsearch query uses a property (an aggregation, a grouping or any other property you want to use) with a name that contains a hyphen, you can either access your Elasticsearch instance and change the name there or you can overwrite the name in the query dsl field.
If you can't change the name of the property, you need to enter the property name in the following format:
Original property name:
{{properties.name-with-hyphens.value}}
New format:
{{properties['name-with-hyphens'].value}}
none By default, no sublabels are shown. Sort
Sort allows you to change the order of the results displayed. You can also group them by their characteristics.
default By default, the sorting of the blocks or icons depends on the data source. This can be alphabetical sorting or the order in which data comes back from an API request.
sort by
Sort by label or health state, ascending or descending
group by Group by label or health state, ascending or descending
Blocks
Here you can set the number of columns for the blocks, their height and the font size within the blocks.
Click done to save the tile.
The tile now shows data according to your script.
How to configure a PowerShell profile
- From the top right hand menu ☰ click system.
- Go to the PowerShell tab.
- Click add new profile.
- Enter a name and a description for the new profile.
- Enter the profile script.
- Click add profile.
The profile is now saved and can be used in a PowerShell tile.
When do you need to re-enter PowerShell profiles?
Encrypted information like providers, PowerShell profiles, and Run As accounts can get lost under certain circumstances:
When you are running Dashboard Serverwithout High Availability (HA):
When you change Dashboard Server's application pool identity
When you are running Dashboard Serverwith High Availability (HA):
When you change the license key you are using.
Make sure that you are able to recreate the information after you changed the app pool identity
Managing PowerShell Run As accounts
PowerShell scripts are very powerful and can cause damage when not properly configured. Your Run As accounts contain the credentials a script uses to run as, which means the Run As determines the permissions a PowerShell script has when it is executed. When you are creating Run As accounts, you want to give your PowerShell scripts the minimum permissions needed so that they can do what you intended for them to do without giving them permissions that can be exploited and could lead to security risks.
Best practices for Run As accounts:
1) For all Run As accounts: Use a service account, not a user account for Run As accounts.
Do not use your own or anyone's personal user account for Run As accounts. Instead, create a new account that is not used by a specific person (a "service account"), but only used for running PowerShell scripts. Consider the permissions of this service account carefully.
Required permissions for service accounts:
The service account you use for Run As must have at least the following permission:
Allow log on locally
If you don't use the default NetworkService as your application pool identity, you might see the following error message when using Run As accounts: A required privilege is not held by the client.
In this case you need to add the application pool identity to the following policies:
Adjust memory quotas for a process
Replace a process-level token (you need to reboot the server for this policy to take effect)
The user credentials you enter for the Run As account are used to run all PowerShell scripts in tiles that use the Run As account. Once created, your Run As account can be used by other Dashboard Server administrators to run their scripts. By using your or any user's credentials, you lose control over which scripts are executed in the name of this user which can cause privacy issues. In addition to that, users often have more rights than a script would need. By using a user account with extensive permissions, scripts that use the Run As can exploit those permissions.
From the top right hand menu ☰ click system.
Go to the PowerShell tab.
In the Run As section, click on the + button to add a new Run As.
Enter a name and a description for your new Run As.
Note: Once you have saved the Run As account, you can't change its name anymore. You can always change the description.
Enter the user credentials you want to use for this Run As account.
Do not use your own or anyone's personal user account for Run As accounts. Instead, create a new account that is not used by a specific person (a "service account"), but only used for running PowerShell scripts. Consider the permissions of this service account carefully.
Required permissions for service accounts:
The service account you use for Run As must have at least the following permission:
Allow log on locally
Note for Run As accounts if you are using any other application pool identity than NetworkServiceIf you don't use the default NetworkService as your application pool identity, you might see the following error message when using Run As accounts: A required privilege is not held by the client.
In this case you need to add the application pool identity to the following policies:
Adjust memory quotas for a process
Replace a process-level token (you need to reboot the server for this policy to take effect)
Why shouldn't you use user accounts for Run As accounts?The user credentials you enter for the Run As account are used to run all PowerShell scripts in tiles that use the Run As account. Once created, your Run As account can be used by other Dashboard Server administrators to run their scripts. By using your or any user's credentials, you lose control over which scripts are executed in the name of this user which can cause privacy issues. In addition to that, users often have more rights than a script would need. By using a user account with extensive permissions, scripts that use the Run As can exploit those permissions.
Click save to save the new Run As account.
The Run As account is now available in PowerShell tiles and can be used to execute scripts.
2) We strongly recommend you change the Default Run As account to the credentials you want to use as the default Run As.
Every PowerShell tile needs a Run As and if you haven't created a Run As yet, tiles will use the Default Run As. The Default Run As uses the Dashboard Server app pool to run scripts. The Dashboard Server app pool account might grant too many permissions that are not needed for your scripts and can potentially damage your system, which is why using this default account is not recommended. Create a service account that you want to use for the Default Run As and change the Default Run As to use those credentials.
From the top right hand menu ☰ click system.
Go to the PowerShell tab.
You see the Default Run As. If you haven't changed the Default Run As account yet, you see a yellow icon indicating that the Run As uses the not recommended default setting "run as Dashboard Server app pool".
Click on the Default Run As to edit it.
As long as the Run as Dashboard Server app pool toggle is on, the Default Run As is read only.
Switch the Run as Dashboard Server app pool toggle to off.
Change the description to indicate that the Default Run As no longer uses the Dashboard Server app pool.
Enter the user credentials you want to use for the Default Run As.
Do not use your own or anyone's personal user account for Run As accounts. Instead, create a new account that is not used by a specific person (a "service account"), but only used for running PowerShell scripts. Consider the permissions of this service account carefully.
Required permissions for service accounts:
The service account you use for Run As must have at least the following permission:
Allow log on locally
Note for Run As accounts if you are using any other application pool identity than NetworkServiceIf you don't use the default NetworkService as your application pool identity, you might see the following error message when using Run As accounts: A required privilege is not held by the client.
In this case you need to add the application pool identity to the following policies:
Adjust memory quotas for a process
Replace a process-level token (you need to reboot the server for this policy to take effect)
Why shouldn't you use user accounts for Run As accounts?The user credentials you enter for the Run As account are used to run all PowerShell scripts in tiles that use the Run As account. Once created, your Run As account can be used by other Dashboard Server administrators to run their scripts. By using your or any user's credentials, you lose control over which scripts are executed in the name of this user which can cause privacy issues. In addition to that, users often have more rights than a script would need. By using a user account with extensive permissions, scripts that use the Run As can exploit those permissions.
Click save to save the changes.
The Default Run As profile now uses the user account you entered when executing scripts.
3) Consider disabling the option to use the Dashboard Server app pool for the Default Run As.
To make sure that the Dashboard Server app pool can't be used after you changed the Default Run As, you can disable the option to use the Dashboard Server App pool.
By default, the toggle Run as Dashboard Server app pool is visible in the Default Run As account. By setting this toggle to on, the Default Run As can be (re)set to use the Dashboard Server app pool to run scripts. Dashboard Serveradministrators can disable the toggle to prevent that the Dashboard Serverapp pool can be used for running PowerShell scripts.
If you haven't already done it, change the Default Run As from using the Dashboard Server app pool to using the credentials you want to use.
Note: If you disable the toggle Run as Dashboard Server app pool while the Default Run As still uses the Dashboard Server app pool (toggle on), the credentials in the Default Run As will be empty and any PowerShell tiles using the Default Run As will show an error. You need to go into the Default Run As and enter the credentials you want to use to fix this issue.
How to change the Default Run AsFrom the top right hand menu ☰ click system.
Go to the PowerShell tab.
You see the Default Run As. If you haven't changed the Default Run As account yet, you see a yellow icon indicating that the Run As uses the not recommended default setting "run as Dashboard Server app pool".
Click on the Default Run As to edit it.
As long as the Run as Dashboard Server app pool toggle is on, the Default Run As is read only.
Switch the Run as Dashboard Server app pool toggle to off.
Change the description to indicate that the Default Run As no longer uses the Dashboard Server app pool.
Enter the user credentials you want to use for the Default Run As.
Do not use your own or anyone's personal user account for Run As accounts. Instead, create a new account that is not used by a specific person (a "service account"), but only used for running PowerShell scripts. Consider the permissions of this service account carefully.
Required permissions for service accounts:
The service account you use for Run As must have at least the following permission:
Allow log on locally
Note for Run As accounts if you are using any other application pool identity than NetworkServiceIf you don't use the default NetworkService as your application pool identity, you might see the following error message when using Run As accounts: A required privilege is not held by the client.
In this case you need to add the application pool identity to the following policies:
Adjust memory quotas for a process
Replace a process-level token (you need to reboot the server for this policy to take effect)
Why shouldn't you use user accounts for Run As accounts?The user credentials you enter for the Run As account are used to run all PowerShell scripts in tiles that use the Run As account. Once created, your Run As account can be used by other Dashboard Server administrators to run their scripts. By using your or any user's credentials, you lose control over which scripts are executed in the name of this user which can cause privacy issues. In addition to that, users often have more rights than a script would need. By using a user account with extensive permissions, scripts that use the Run As can exploit those permissions.
Click save to save the changes.
The Default Run As profile now uses the user account you entered when executing scripts.
On the SquaredUp server, run Notepad as administrator (Start, Run, type
notepad
, and then right-click and select Run as administrator).In Notepad, open the
security.json
file from the Dashboard Server folder:...\User\Configuration\security.json
If the file doesn't exist, create it by following these steps and saving the file as
security.json
at the end.Where to find the Dashboard Server folderName of the Dashboard Server folder
The name of the Dashboard Server folder is
SquaredUpv
followed by theproduct version number
.Location of the Dashboard Server folder
The default location for the Dashboard Server folder is
C:\inetpub\wwwroot\SquaredUpv[Version Number]
, but a custom location may have been chosen during the installation.
For example, for Dashboard Server v5 the default folder location isC:\inetpub\wwwroot\SquaredUpv5
and for v4 C:\inetpub\wwwroot\SquaredUpv4
Edit the JSON file to contain the following property:
Copy{
"enable-powershell-run-as-app-pool": false
}If the file already contains settings, then you will need to add a comma at the end of the previous line.
- Save the JSON file.
Recycle the Dashboard Server application pool.
The toggle Run as Dashboard Server app pool is now disabled and hidden. It is not possible to (re)set the Default Run As to use the Dashboard Server app pool anymore.
4) Consider creating different service accounts for running different scripts, depending on what their purpose is and what permissions they need. Save each service account as a different Run As account in Dashboard Server.
When do you need to re-enter Run As accounts?
Encrypted information like providers, PowerShell profiles, and Run As accounts can get lost under certain circumstances:
When you are running Dashboard Serverwithout High Availability (HA):
When you change Dashboard Server's application pool identity
When you are running Dashboard Serverwith High Availability (HA):
When you change the license key you are using.
Make sure that you are able to recreate the information after you changed the app pool identity
How to disable the PowerShell feature
By default, the PowerShell feature is available, but Dashboard Server administrators can globally disable it. When the feature is disabled, any existing PowerShell tiles will still be visible to users as before but the scripts won't be executed anymore. Instead, PowerShell tiles will display the error message "PowerShell functionality is disabled". Administrators will still be able to create and edit PowerShell tiles, profiles and Run As accounts.
On the SquaredUp server, run Notepad as administrator (Start, Run, type
notepad
, and then right-click and select Run as administrator).In Notepad, open the
security.json
file from the Dashboard Server folder:...\User\Configuration\security.json
If the file doesn't exist, create it by following these steps and saving the file as
security.json
at the end.Where to find the Dashboard Server folderName of the Dashboard Server folder
The name of the Dashboard Server folder is
SquaredUpv
followed by theproduct version number
.Location of the Dashboard Server folder
The default location for the Dashboard Server folder is
C:\inetpub\wwwroot\SquaredUpv[Version Number]
, but a custom location may have been chosen during the installation.
For example, for Dashboard Server v5 the default folder location isC:\inetpub\wwwroot\SquaredUpv5
and for v4 C:\inetpub\wwwroot\SquaredUpv4
Edit the JSON file to contain the following property:
Copy{
"enable-powershell-execution": false
}If the file already contains settings, then you will need to add a comma at the end of the previous line.
- Save the JSON file.
Recycle the Dashboard Server application pool.
The PowerShell feature is now disabled. Scripts in existing PowerShell tiles won't be executed anymore.
Tips for your PowerShell scripts
You can make your PowerShell scripts responsive to the current page timeframe setting:
Since the timeframe values are strings, you need to convert the $timeFrame
variable into a TimeSpan
object:
$timeSpan = [TimeSpan]::MaxValue
switch ($timeFrame) {
"last1Hour" { $timeSpan = [TimeSpan]::FromHours(1) }
"last12Hours" { $timeSpan = [TimeSpan]::FromHours(12) }
"last24Hours" { $timeSpan = [TimeSpan]::FromHours(24) }
"last7Days" { $timeSpan = [TimeSpan]::FromDays(7) }
"last30Days" { $timeSpan = [TimeSpan]::FromDays(30) }
"last3Months" { $now = [DateTime]::Now; $timeSpan = $now - $now.AddMonths(-3) }
"last6Months" { $now = [DateTime]::Now; $timeSpan = $now - $now.AddMonths(-6) }
"last12Months" { $now = [DateTime]::Now; $timeSpan = $now - $now.AddYears(-1) }
}
"TimeSpan is {0}" -f $timeSpan
The above script returns a TimeSpan
object calculated from the $timeFrame
variable as the following:
Troubleshooting
You can control when the script will run into a timeout. By default, scripts will be aborted after 1 min. You can define a longer timeout for long running scripts.
Best practice:
Even if you can use long running scripts by setting the timeout to several minutes, you shouldn't use scripts that run for a long time. Long running scripts lead to tiles that show a loading spinner for minutes and are not user-friendly.
Tip:
Instead of setting the timeout for scripts to a longer time, run the script outside of Dashboard Server periodically, and store the results in a CSV file. Create a PowerShell tile that accesses and visualizes the results in the CSV file.
You can increase the timeout for your script in the Environment panel of a tile (jump to the settings for the Environment: panel).
When writing your PowerShell script, make sure that the output of your commands goes to the output stream and not other streams like host or debug. PowerShell tiles only process data sent to the output stream.
If the results don't change when you reload the dashboard, the interval for the tile is probably set to a longer time and you are looking at the cached results during the interval time.
The interval enables you to limit how often a script gets executed in Dashboard Server. For example, you might want to run a script less frequently if it makes a request to an API that charges you per request or an API that puts a limit on how many requests you can make within a time period.
How does the interval affect how often PowerShell scripts are run in Dashboard Server?
By default, a PowerShell script will be executed every time the dashboard refreshes (every minute). If you set the interval to 10 mins, you create a 10 min cache for your script results and your script won't run until the last fetched results are 10 mins old.
The interval is not a schedule, it does not trigger a script execution every 10 mins. Scripts will only be executed when the dashboard is reloaded and the results in the cache are older than the interval (10 mins in this example). The cache is valid for all users, which means if another user opens the same dashboard in Dashboard Server or via Open Access and the script has been executed 5 mins ago, they see the cached results immediately but have to wait for 5 mins to see fresh results.
Can multiple tiles share the same cache?
Identical tiles share the same cache. For tiles to be considered identical, the JSON code of both tiles needs to be identical. If you want to use identical tiles to reduce the load on the back-end, you can copy the JSON from one tile and paste it into a different tile.
The shared cache works across your whole Dashboard Server instance on:
- All dashboards (including Open Access dashboards), as long as they use the same page timeframe
- Perspectives for the same object on the same drill-down using the same page timeframe
If you are using HA, make sure .NET Core is installed on all HA machines. If you configured a tile to use the NET core option and try to view the tile on a HA machine that doesn't have .NET Core installed, the tile will display the error message "PowerShell host process returned errors: A fatal error occurred. The required library hostfxr.dll could not be found."
If you don't use the default NetworkService as your application pool identity, you might see the following error message when using Run As accounts: A required privilege is not held by the client.
In this case you need to add the application pool identity to the following policies:
Adjust memory quotas for a process
Replace a process-level token (you need to reboot the server for this policy to take effect)