Tuesday, June 18, 2013

PowerShell Web Access

PowerShell Web Access (PWA) is a fast, easy and secured method of accessing and managing the servers on your network from the outside. From any device, be it a phone, tablet or laptop, you can use ANY web browser to connect to PWA running on a web server and have a PowerShell console at your finger tips. If you have never seen it before, hold on to your socks because this will blow them off.

Requirements :

> Windows Server 2012
> IIS 8 and .Net 4.5 , PWA installation handles installation for both.

Installing Windows PowerShell Web Access :

Execute the below command in a PowerShell console
PS> Get-WindowsFeature *PowerShell*
You will see the feature Windows PowerShell Web Access listed.

PS> Install-WindowsFeature WindowsPowerShellWebAccess

Installing the PWA web application :

PWA is a web application that runs as part of the ‘Default Web Site’ in IIS.

PS> Get-Help *PSWA*
You will notice six cmdlets for PWA that will help in the installation, configuration and removal of PWA. The one we want to start with is Install-PswaWebApplication.

PS> Install-PswaWebApplication –UseTestCertificate
This cmdlet will perform several tasks for you so you don’t need to learn much about IIS. It will do below mentioned :

Create a new application pool for PWA
Create a new application – folder pswa off the default site – for PWA
Assign the application to the website files located in C:\Windows\web\PowerShellWebAccess\wwwroot
Assign a temporary non-trusted certificate for SSL to the site (this is only good for 90 days and should never be used in production).
Create a binding for HTTPS

Authorizing users for PWA usage :

You need to create an Authorization Rule (even several) that permits administrative users with the ability to use PWA and specify the servers they can manage. You will also need to specify a Remoting custom endpoint (if needed) that can restrict users to certain cmdlets and modules.

Below cmdlet specifies the specific user or group of users that have access to use PWA and the remote computers they are allowed to access:

PS> Add-PswaAuthorizationRule -UserName 'Company\Administrator' -ComputerName dc.company.loc -ConfigurationName *

Testing PWA:

Open a web browser and type in the URL HTTPS://servername/pswa  or use below in PowerShell

PS> Start iexplore HTTPS://servername/pswa
You will first be warned of the non-trusted certificate, go ahead and continue. At the login screen, enter an authorized user name (including domain), the password and the remote server you added with the authorization rule.

Now you'll see a PowerShell Console in a Web browser.

No comments:

Post a Comment