Quickstart¶
This is the shortest path from a clean workstation to a finished Ranger package.
Step 1: Check Prerequisites¶
Use -InstallPrerequisites in an elevated session if you want Ranger to install missing RSAT and Az dependencies.
Step 2: Generate a Config Scaffold¶
The generated YAML is annotated and marks mandatory values with [REQUIRED].
Step 3: Fill in Required Values¶
At minimum, update:
environment.nametargets.cluster.fqdnortargets.cluster.nodestargets.azure.subscriptionIdtargets.azure.tenantIdtargets.azure.resourceGroupcredentials.cluster.username
Step 4: Run Discovery¶
You can override structural values at runtime, for example:
Invoke-AzureLocalRanger \
-ConfigPath .\ranger.yml \
-ClusterFqdn tplabs-clus01.contoso.com \
-EnvironmentName tplabs-prod-01
Step 5: Open the Output Package¶
By default Ranger writes to:
Key artifacts are:
manifest\audit-manifest.jsonpackage-index.jsonranger.logreports\*.htmlreports\*.docxreports\*.pdfreports\*.xlsxdiagrams\*.svg
Step 6: Re-Render Without Live Access¶
Export-AzureLocalRangerReport \
-ManifestPath .\manifest\audit-manifest.json \
-Formats html,markdown,docx,xlsx,pdf,svg
That reuses the saved manifest and does not reconnect to the cluster or Azure.
Step 7: Schedule an Unattended Run¶
For recurring runs, use -Unattended so Ranger never prompts for input and emits a scheduler-friendly run-status.json file.
Invoke-AzureLocalRanger \
-ConfigPath .\ranger.yml \
-Unattended \
-OutputPath \\fileserver\AzureLocalRanger \
-BaselineManifestPath .\baseline\audit-manifest.json
Recommended unattended credential posture:
- Azure: service principal, managed identity, or pre-existing Az context
- Secrets:
keyvault://references instead of inline passwords - Scheduler templates: see
samples/task-scheduler-azurelocalranger.xmlandsamples/github-actions-scheduled-ranger.yml