Deploying PowerShell Web Access using PowerShell

Home > Blogs > PowerShell > Deploying PowerShell Web Access using PowerShell

Deploying PowerShell Web Access using PowerShell

Like This Blog 1 Jason Helmick
Added by September 17, 2012

Windows PowerShell Web Access is an option you should consider for remotely managing your network. In a nutshell, PSWA is a web server that you can log in to and get a PowerShell console through any web browser.

This content applies to Server 2012

Using PSWA from a web browser - PowerShell Web Access

Figure – Using PSWA from a web browser

In this article I’ll show you how to setup a test environment using the default settings for PSWA. You should try this first before implementing it into production to get a feel for the process. In later articles I will discuss custom implementations and security practices.

The setup

You will need a VM or a physical test box running Server 2012 and IIS 8. You do not need to install IIS as the PSWA installation process will take care of this for you. You should enable PowerShell remoting on the server. In my case, I prefer to use Core servers so PowerShell remoting is the best method to manage those.

The server needs to be a member of a domain (Domain does not need to be Server 2012), so if you’re just testing PSWA you could make this server a DC or join it to a test domain in your lab.

I have a management box running Windows 8 that I will issue the cmdlets from, but Windows 7 works just as well.

Performing a default installation of Windows PowerShell Web Access

The first step is to open a PowerShell remoting session to the test server. You will perform the installation and configuration of PSWA completely remote.

PS> $session=New-PsSession –ComputerName ServerPSWA

Install the feature for Windows PowerShell Web Access using the Install-WindowsFeature cmdlet.

PS> Invoke-Command –Session $Session {Install-WindowsFeature WindowsPowerShellWebAccess}

The installation process will also install IIS, the required components for IIS such as NET4.5 and include a module of cmdlets to complete the process. If you want to get a list of the cmdlets and poke around the help do the following:

PS> Invoke-Command –Session $Session {Get-Help *PSWA*}

The next step in the process is to install the PSWA web application. By default this will create a web application named PSWA off the default web site. In later articles I will demonstrate how to change this, but for testing purposes try the default first.

When you install the PSWA web application you will also need a certificate. The installation cmdlet Install-PswaWebApplication has a switch that will install a temporary (90 days) test certificate or you can use one of your trusted certs.

PS> Invoke-Command –Session $Session {Install-PswaWebApplication –UseTestCertificate}

Before you can sign in and test PSWA you must create and authorization rule. This rule (or collection of rules) set the security for PSWA. There are three components you will need to consider.

  1. Users and Groups (Who will need to use PSWA)
  2. Computers or ComputerGroups (What will the need to manage)
  3. Custom configurations (restricted runspaces if needed)

In the following cmdlet I’m enabling the domain administrator to manage only the test server using the default PowerShell configuration.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule -UserName Company\administrator -ComputerName ServerPSWA –ConfigurationName Microsoft.PowerShell}

I want to warn you that on many websites and blogs you will see rule similar to the following. This rule allows all users access to all computers. This is a rule you can use for a test/lab environment, but it’s not a good practice in production.  You should create specific rules.

*Note, don’t use this anywhere other than a test/lab environment.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule * * *}

At this point your ready to try PSWA. I created an A record in DNS for the default web site and launched my browser for the test. Sign into PSWA with credentials that you authorized with the above rule.

PS> Start iexplore

PSWA is a great option to consider if you need to be able to manage your network from any device and where in the world. Check back later for articles on customizing the installation and security practices!

For more on this subject, read Deploying IIS websites to a web farm using PowerShell

Knowledge is PowerShell,

Jason Helmick

Jason is Director of PowerShell Technologies and an Instructor at Interface Technical Training in Phoenix, AZ.

Upcoming PowerShell classes taught by Jason:

Attend in person or Online with RemoteLive. Also available in Video Training.

Videos You May Like

A Simple Introduction to Cisco CML2

0 3852 0

Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2

Cable Testers and How to Use them in Network Environments

0 713 1

This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments

Government Edition – Encrypting a USB Flash Drive in Windows 10

0 271 2

In this video, Security Instructor Mike Danseglio demonstrates how to use BitLocker in Window 10 to secure files on a USB Flash drive that adhere to stricter data protection requirements as found inside Government entities. BitLocker 2-day instructor-led training is now available at Interface: BITLOCK: Planning and Deploying BitLocker Drive Encryption Training Video Transcription: Hi. … Continue reading Government Edition – Encrypting a USB Flash Drive in Windows 10

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.