Deploying PowerShell Web Access using PowerShell

Home > Blogs > PowerShell > Deploying PowerShell Web Access using PowerShell

Deploying PowerShell Web Access using PowerShell

Like This Blog 1 Jason Helmick
Added by September 17, 2012

Windows PowerShell Web Access is an option you should consider for remotely managing your network. In a nutshell, PSWA is a web server that you can log in to and get a PowerShell console through any web browser.

This content applies to Server 2012

Using PSWA from a web browser - PowerShell Web Access

Figure – Using PSWA from a web browser

In this article I’ll show you how to setup a test environment using the default settings for PSWA. You should try this first before implementing it into production to get a feel for the process. In later articles I will discuss custom implementations and security practices.

The setup

You will need a VM or a physical test box running Server 2012 and IIS 8. You do not need to install IIS as the PSWA installation process will take care of this for you. You should enable PowerShell remoting on the server. In my case, I prefer to use Core servers so PowerShell remoting is the best method to manage those.

The server needs to be a member of a domain (Domain does not need to be Server 2012), so if you’re just testing PSWA you could make this server a DC or join it to a test domain in your lab.

I have a management box running Windows 8 that I will issue the cmdlets from, but Windows 7 works just as well.

Performing a default installation of Windows PowerShell Web Access

The first step is to open a PowerShell remoting session to the test server. You will perform the installation and configuration of PSWA completely remote.

PS> $session=New-PsSession –ComputerName ServerPSWA

Install the feature for Windows PowerShell Web Access using the Install-WindowsFeature cmdlet.

PS> Invoke-Command –Session $Session {Install-WindowsFeature WindowsPowerShellWebAccess}

The installation process will also install IIS, the required components for IIS such as NET4.5 and include a module of cmdlets to complete the process. If you want to get a list of the cmdlets and poke around the help do the following:

PS> Invoke-Command –Session $Session {Get-Help *PSWA*}

The next step in the process is to install the PSWA web application. By default this will create a web application named PSWA off the default web site. In later articles I will demonstrate how to change this, but for testing purposes try the default first.

When you install the PSWA web application you will also need a certificate. The installation cmdlet Install-PswaWebApplication has a switch that will install a temporary (90 days) test certificate or you can use one of your trusted certs.

PS> Invoke-Command –Session $Session {Install-PswaWebApplication –UseTestCertificate}

Before you can sign in and test PSWA you must create and authorization rule. This rule (or collection of rules) set the security for PSWA. There are three components you will need to consider.

  1. Users and Groups (Who will need to use PSWA)
  2. Computers or ComputerGroups (What will the need to manage)
  3. Custom configurations (restricted runspaces if needed)

In the following cmdlet I’m enabling the domain administrator to manage only the test server using the default PowerShell configuration.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule -UserName Company\administrator -ComputerName ServerPSWA –ConfigurationName Microsoft.PowerShell}

I want to warn you that on many websites and blogs you will see rule similar to the following. This rule allows all users access to all computers. This is a rule you can use for a test/lab environment, but it’s not a good practice in production.  You should create specific rules.

*Note, don’t use this anywhere other than a test/lab environment.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule * * *}

At this point your ready to try PSWA. I created an A record in DNS for the default web site and launched my browser for the test. Sign into PSWA with credentials that you authorized with the above rule.

PS> Start iexplore

PSWA is a great option to consider if you need to be able to manage your network from any device and where in the world. Check back later for articles on customizing the installation and security practices!

For more on this subject, read Deploying IIS websites to a web farm using PowerShell

Knowledge is PowerShell,

Jason Helmick

Jason is Director of PowerShell Technologies and an Instructor at Interface Technical Training in Phoenix, AZ.

Upcoming PowerShell classes taught by Jason:

Attend in person or Online with RemoteLive. Also available in Video Training.

Videos You May Like

Windows 10 Managing, Deploying and Configuring – December 2, 2015

0 449 1

In this recorded Windows 10 training webinar from December 2, 2015, Windows Server instructor Rick Trader presents the deployment and management of Windows 10 Enterprise and the new Provisioning capability in Windows 10. Learn how to manage Windows 10 deployments using System Center Configuration Manager, Mobile Device Management and Intune. Also included in his presentation … Continue reading Windows 10 Managing, Deploying and Configuring – December 2, 2015

Windows 10 Features and Navigation – December 1, 2015

0 123 1

In this recorded Windows 10 webinar from December 1,2015, Windows Instructor Steve Fullmer presents the navigation and some of the new features associated with Windows 10 including Sysinternals Tools for Windows Client, Windows core concepts, exploring Process Explorer as well as some of the features that are not yet ready for prime time but will … Continue reading Windows 10 Features and Navigation – December 1, 2015

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1636 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.