Manage IGEL UMS
from your browser
A local web interface for IGEL UMS — powered by PSIGEL and PowerShell, with a strict command allowlist and no raw shell exposure.
Browser UI
→
Node.js API
→
PowerShell
→
PSIGEL
→
IGEL UMS
Features
Strict allowlist
Only commands defined in config/commands.json can be executed. No raw PowerShell from the browser — ever.
Danger confirmation
Write commands like Restart, Remove, Update, and Move require typing RUN before execution.
DPAPI credentials
UMS credentials are stored via Windows Export-Clixml — encrypted to your user account, never in plaintext.
Local-first
Binds to 127.0.0.1 by default. Designed for local use or SSH tunnel — not public internet.
Data-driven
Add new PSIGEL commands by editing commands.json. No code changes needed.
Clean UI
Sidebar with grouped commands, JSON syntax highlighting, keyboard shortcuts, and live status indicator.
Command catalog
| Command | PSIGEL function | Type | Description |
|---|---|---|---|
| Status | |||
| get-status | Get-UMSStatus | read | UMS server status and version |
| get-firmware | Get-UMSFirmware | read | Registered firmware versions |
| Devices | |||
| get-device | Get-UMSDevice | read | Device list with optional details filter |
| start-device | Start-UMSDevice | write | Wake-on-LAN a device by Id |
| stop-device | Stop-UMSDevice | write | Shut down a device by Id |
| restart-device | Restart-UMSDevice | write | Restart a device by Id |
| send-device-settings | Send-UMSDeviceSetting | write | Push current profile settings to a device |
| update-device | Update-UMSDevice | write | Update device metadata (Name, Site, Department…) |
| move-device | Move-UMSDevice | write | Move device to a directory |
| remove-device | Remove-UMSDevice | write | Delete a device from UMS |
| reset-device | Reset-UMSDevice | write | Reset device to factory defaults |
| Device Directories | |||
| get-device-directory | Get-UMSDeviceDirectory | read | List device directories |
| new-device-directory | New-UMSDeviceDirectory | write | Create a device directory |
| update-device-directory | Update-UMSDeviceDirectory | write | Rename a device directory |
| move-device-directory | Move-UMSDeviceDirectory | write | Move a device directory into another |
| remove-device-directory | Remove-UMSDeviceDirectory | write | Delete a device directory (must be empty) |
| Profiles | |||
| get-profile | Get-UMSProfile | read | List all profiles |
| update-profile | Update-UMSProfile | write | Rename a profile |
| move-profile | Move-UMSProfile | write | Move a profile to a directory |
| remove-profile | Remove-UMSProfile | write | Delete a profile from UMS |
| Profile Directories | |||
| get-profile-directory | Get-UMSProfileDirectory | read | List profile directories |
| new-profile-directory | New-UMSProfileDirectory | write | Create a profile directory |
| update-profile-directory | Update-UMSProfileDirectory | write | Rename a profile directory |
| move-profile-directory | Move-UMSProfileDirectory | write | Move a profile directory into another |
| remove-profile-directory | Remove-UMSProfileDirectory | write | Delete a profile directory (must be empty) |
| Assignments | |||
| get-device-assignments | Get-UMSDeviceAssignment | read | Profiles assigned to a specific device |
| get-device-directory-assignments | Get-UMSDeviceDirectoryAssignment | read | Profiles assigned to a device directory |
| get-profile-assignments | Get-UMSProfileAssignment | read | Devices and directories assigned to a profile |
| assign-profile | New-UMSProfileAssignment | write | Assign a profile to a device or directory |
| remove-profile-assignment | Remove-UMSProfileAssignment | write | Remove a profile assignment |
Quick install
# On the Windows server that can reach IGEL UMS
cd C:\mq-ums
# Install PSIGEL and Node deps
.\scripts\install-windows.ps1
# Save credentials (DPAPI encrypted)
.\scripts\New-UmsCredential.ps1 -Path C:\mq-ums\ums.cred.xml
# Configure and start
copy .env.example .env
npm start
# Open http://127.0.0.1:8787
cd C:\mq-ums
# Install PSIGEL and Node deps
.\scripts\install-windows.ps1
# Save credentials (DPAPI encrypted)
.\scripts\New-UmsCredential.ps1 -Path C:\mq-ums\ums.cred.xml
# Configure and start
copy .env.example .env
npm start
# Open http://127.0.0.1:8787
Security model
- No raw PowerShell accepted from the browser
- All commands validated against
config/commands.jsonallowlist on every request - Arg values checked against safe charset before reaching PowerShell
- Write commands blocked unless client sends correct
confirmText - Credentials stored via Windows DPAPI — never in
.envor plaintext - API binds to
127.0.0.1by default - Optional API key via
MQ_UMS_API_KEY