Deploying PowerShell Web Access using PowerShell

Home > Blogs > PowerShell > Deploying PowerShell Web Access using PowerShell

Deploying PowerShell Web Access using PowerShell

Like This Blog 1 Jason Helmick
Added by September 17, 2012

Windows PowerShell Web Access is an option you should consider for remotely managing your network. In a nutshell, PSWA is a web server that you can log in to and get a PowerShell console through any web browser.

This content applies to Server 2012

Using PSWA from a web browser - PowerShell Web Access

Figure – Using PSWA from a web browser

In this article I’ll show you how to setup a test environment using the default settings for PSWA. You should try this first before implementing it into production to get a feel for the process. In later articles I will discuss custom implementations and security practices.

The setup

You will need a VM or a physical test box running Server 2012 and IIS 8. You do not need to install IIS as the PSWA installation process will take care of this for you. You should enable PowerShell remoting on the server. In my case, I prefer to use Core servers so PowerShell remoting is the best method to manage those.

The server needs to be a member of a domain (Domain does not need to be Server 2012), so if you’re just testing PSWA you could make this server a DC or join it to a test domain in your lab.

I have a management box running Windows 8 that I will issue the cmdlets from, but Windows 7 works just as well.

Performing a default installation of Windows PowerShell Web Access

The first step is to open a PowerShell remoting session to the test server. You will perform the installation and configuration of PSWA completely remote.

PS> $session=New-PsSession –ComputerName ServerPSWA

Install the feature for Windows PowerShell Web Access using the Install-WindowsFeature cmdlet.

PS> Invoke-Command –Session $Session {Install-WindowsFeature WindowsPowerShellWebAccess}

The installation process will also install IIS, the required components for IIS such as NET4.5 and include a module of cmdlets to complete the process. If you want to get a list of the cmdlets and poke around the help do the following:

PS> Invoke-Command –Session $Session {Get-Help *PSWA*}

The next step in the process is to install the PSWA web application. By default this will create a web application named PSWA off the default web site. In later articles I will demonstrate how to change this, but for testing purposes try the default first.

When you install the PSWA web application you will also need a certificate. The installation cmdlet Install-PswaWebApplication has a switch that will install a temporary (90 days) test certificate or you can use one of your trusted certs.

PS> Invoke-Command –Session $Session {Install-PswaWebApplication –UseTestCertificate}

Before you can sign in and test PSWA you must create and authorization rule. This rule (or collection of rules) set the security for PSWA. There are three components you will need to consider.

  1. Users and Groups (Who will need to use PSWA)
  2. Computers or ComputerGroups (What will the need to manage)
  3. Custom configurations (restricted runspaces if needed)

In the following cmdlet I’m enabling the domain administrator to manage only the test server using the default PowerShell configuration.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule -UserName Company\administrator -ComputerName ServerPSWA –ConfigurationName Microsoft.PowerShell}

I want to warn you that on many websites and blogs you will see rule similar to the following. This rule allows all users access to all computers. This is a rule you can use for a test/lab environment, but it’s not a good practice in production.  You should create specific rules.

*Note, don’t use this anywhere other than a test/lab environment.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule * * *}

At this point your ready to try PSWA. I created an A record in DNS for the default web site and launched my browser for the test. Sign into PSWA with credentials that you authorized with the above rule.

PS> Start iexplore https://www.company.loc/pswa

PSWA is a great option to consider if you need to be able to manage your network from any device and where in the world. Check back later for articles on customizing the installation and security practices!

For more on this subject, read Deploying IIS websites to a web farm using PowerShell

Knowledge is PowerShell,

Jason Helmick

Jason is Director of PowerShell Technologies and an Instructor at Interface Technical Training in Phoenix, AZ.

Upcoming PowerShell classes taught by Jason:

Attend in person or Online with RemoteLive. Also available in Video Training.

Videos You May Like

Subnetting a TCP/IP Network using the Magic Box Method

0 1611 5

See our class schedule for complete Course Schedule Training. Classes are held in Phoenix, AZ and can be attended online from anywhere in the world with RemoteLive™. Instructor: Rick Trader  Video Transcription: One of the things that we might have to do in our corporate network is to take a class of IP addresses and then subnet that into … Continue reading Subnetting a TCP/IP Network using the Magic Box Method

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1480 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 606 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

  1. Avatar Charles Derber

    This one’s cool… Jason 🙂

Share your thoughts...

Please fill out the comment form below to post a reply.