I created a new console for Microsoft System Center Orchestrator. It doesn't require Silverlight.
Pros over the standard console:
The form for launching runbooks supports drop-down lists, check-boxes, fields for entering dates and numbers
Validation of required fields (runbook will not run with an empty required parameter)
Parameters are displayed in sorted order, and do not dance haphazardly (it is enough to number them)
Restarting runbooks with previously entered parameters
Escaping a single quote when passing parameters to the runbook (so that you cannot inject into the runbook code)
The description of the runbook is displayed in the launch window
Does not require Silverlight
The console works from under a service account and all runbooks are launched from under it
Access control is regulated in the console settings
This is how the form looks in the native console:
Same form in WebSCO:
To improve the responsiveness of the console, lists of folders, runbooks and their parameters are loaded into the local database. And to reduce the number of LDAP requests when checking access rights, you can use memcached.
Access to runbooks is regulated less conveniently by folders, but also through AD groups. When configuring, you need to specify the DN of the groups. There is no inheritance, but it is possible to copy the rights to all subfolders.
In order to hide the service account password in the config, you can configure Kerberos authentication using the keytab file.
In order for the fields to be displayed as a drop-down list, check-box or calendar for entering a date, you need to add flags to the field names to the end after / slash:
s - regular input field (string)
l - dropdown list (list)
d - field for entering date (date)
t - field for entering time (time)
dt - field for entering date with time (datetime)
i - field for entering integers (integer)
a - field with autocomplete for entering SamAccountName (query LDAP) (account)
c - field with autocomplete for entering computer name (query LDAP) (computer)
m - field with autocomplete for entering e-mail (query LDAP) (mail)
f - checkboxes switches (flags)
u - field for select file, the file will be transferred as a base64 string (upload)
w - hidden field with login who start runbook in WebSCO (who run)
r - the flag means that the parameter is required
You can also use * (asterisk) before the slash to indicate a required parameter.
For a list and check-boxes, in addition, before the slash in brackets, you need to list the parameters separated by commas. For example:
Select the type of access (admin, guest)*/l
This field will turn into a drop-down list with two values admin and guest and will be required.
2. Select the protocol (HTTP, HTTPS)/rf
In this case, two HTTP and HTTPS checkboxes will be displayed, and at least one must be checked. The flag r is specified (analogous to the asterisk from the example above). The selected HTTP will correspond to set bit 1, and HTTPS, respectively, to bit 2. Check-boxes will be difficult to reproduce in the standard console if, for some reason, you have to run the runbook from it.
After completing the configuration, you need to load the list of runbooks into the database by running Sync. And download every time after adding new and changing existing runbooks (do not forget about the Orchestrator glitch, when the user does not immediately see the new runbook and needs to clear the cache). Loading Jobs is not necessary and takes a long time (I have ~ 20,000 jobs loaded for about 30 minutes), if they have already started, then you need to wait for the download to finish without interrupting or restarting it.
I use the following PowerShell template to create runbooks.
Installation is fairly straightforward if you don't use Kerberos. You need Apache, MariaDB, PHP, memcached. On Windows, I think it will also start in some like XAMPP.
Project WebSCO on GitHub