Deploying PowerShell Web Access using PowerShell

Home > Blogs > PowerShell > Deploying PowerShell Web Access using PowerShell

Deploying PowerShell Web Access using PowerShell

Like This Blog 1 Jason Helmick
Added by September 17, 2012

Windows PowerShell Web Access is an option you should consider for remotely managing your network. In a nutshell, PSWA is a web server that you can log in to and get a PowerShell console through any web browser.

This content applies to Server 2012

Using PSWA from a web browser - PowerShell Web Access

Figure – Using PSWA from a web browser

In this article I’ll show you how to setup a test environment using the default settings for PSWA. You should try this first before implementing it into production to get a feel for the process. In later articles I will discuss custom implementations and security practices.

The setup

You will need a VM or a physical test box running Server 2012 and IIS 8. You do not need to install IIS as the PSWA installation process will take care of this for you. You should enable PowerShell remoting on the server. In my case, I prefer to use Core servers so PowerShell remoting is the best method to manage those.

The server needs to be a member of a domain (Domain does not need to be Server 2012), so if you’re just testing PSWA you could make this server a DC or join it to a test domain in your lab.

I have a management box running Windows 8 that I will issue the cmdlets from, but Windows 7 works just as well.

Performing a default installation of Windows PowerShell Web Access

The first step is to open a PowerShell remoting session to the test server. You will perform the installation and configuration of PSWA completely remote.

PS> $session=New-PsSession –ComputerName ServerPSWA

Install the feature for Windows PowerShell Web Access using the Install-WindowsFeature cmdlet.

PS> Invoke-Command –Session $Session {Install-WindowsFeature WindowsPowerShellWebAccess}

The installation process will also install IIS, the required components for IIS such as NET4.5 and include a module of cmdlets to complete the process. If you want to get a list of the cmdlets and poke around the help do the following:

PS> Invoke-Command –Session $Session {Get-Help *PSWA*}

The next step in the process is to install the PSWA web application. By default this will create a web application named PSWA off the default web site. In later articles I will demonstrate how to change this, but for testing purposes try the default first.

When you install the PSWA web application you will also need a certificate. The installation cmdlet Install-PswaWebApplication has a switch that will install a temporary (90 days) test certificate or you can use one of your trusted certs.

PS> Invoke-Command –Session $Session {Install-PswaWebApplication –UseTestCertificate}

Before you can sign in and test PSWA you must create and authorization rule. This rule (or collection of rules) set the security for PSWA. There are three components you will need to consider.

  1. Users and Groups (Who will need to use PSWA)
  2. Computers or ComputerGroups (What will the need to manage)
  3. Custom configurations (restricted runspaces if needed)

In the following cmdlet I’m enabling the domain administrator to manage only the test server using the default PowerShell configuration.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule -UserName Company\administrator -ComputerName ServerPSWA –ConfigurationName Microsoft.PowerShell}

I want to warn you that on many websites and blogs you will see rule similar to the following. This rule allows all users access to all computers. This is a rule you can use for a test/lab environment, but it’s not a good practice in production.  You should create specific rules.

*Note, don’t use this anywhere other than a test/lab environment.

PS> Invoke-Command –Session $Session {Add-PswaAuthorizationRule * * *}

At this point your ready to try PSWA. I created an A record in DNS for the default web site and launched my browser for the test. Sign into PSWA with credentials that you authorized with the above rule.

PS> Start iexplore https://www.company.loc/pswa

PSWA is a great option to consider if you need to be able to manage your network from any device and where in the world. Check back later for articles on customizing the installation and security practices!

For more on this subject, read Deploying IIS websites to a web farm using PowerShell

Knowledge is PowerShell,

Jason Helmick

Jason is Director of PowerShell Technologies and an Instructor at Interface Technical Training in Phoenix, AZ.

Upcoming PowerShell classes taught by Jason:

Attend in person or Online with RemoteLive. Also available in Video Training.

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 506 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

Subnetting a TCP/IP Network using the Magic Box Method

0 1252 4

In this session, we are going to look at how to subnet a Class B address into multiple network segments using what's called The Magic Box. Let's run through this real quick.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 485 3

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. Avatar Charles Derber

    This one’s cool… Jason 🙂

Share your thoughts...

Please fill out the comment form below to post a reply.