PowerShell Web Access

Windows PowerShell Web Access provides a web-based Windows PowerShell console. The web-based console lets you run PowerShell commands and scripts in a web browser. You can even use PowerShell Web Access to access the PowerShell of your servers remotely on a smartphone or tablet. Additionally, you can use all commandlets (cmdlets) that are available on the server.

PowerShell Web Access requires you to have at least the web server (IIS), .NET Framework 4.5, and PowerShell 3.0 installed on the server on which you run the gateway.

You can install PowerShell Web Access with Server Manager or PowerShell; the necessary roles and features are added automatically. Just expand the Features item on the Select Features page of the Add Roles and Features Wizard and select Windows PowerShell Web Access . Alternatively, you can use the following PowerShell cmdlet for the install:

Install-WindowsFeature -Name WindowsPowerShellWebAccess-ComputerName Name of the Server-IncludeManagementTools-Restart

After installing PowerShell Web Access, the next step is to set up the gateway for PowerShell Web Access. The Install-PswaWebApplication cmdlet provides a quick approach to configuring PowerShell Web Access.

You can install a self-signed SSL certificate with the option -UseTestCertificate. Using the IIS Manager console, replace the test certificate with a signed certificate. Running this cmdlet installs the PowerShell Web Access web application in the default web site container of IIS. You can access the website by following the link to https://[Servername]/pswa . However, you can only log on after granting users access to the site by adding authorization rules.

After you've installed PowerShell Web Access and set up the gateway with the website and the certificate, you still need to allow users to access PowerShell via Web Access. To do this in a PowerShell session launched with extended user rights (Run as administrator ), you would run the commands shown in Listing 1.

01 $applicationPoolName = "Name of the PSWA application pool"
02 $authorizationFile = C:\windows\web\ powershellwebaccess\data\AuthorizationRules.xml"
03 c:\windows\system32\icacls.exe $authorizationFile /grant ('"' + "IISAppPool\$applicationPoolName"+ '":R') > $null

Other commands for managing PowerShell Web Access include:

• Add-PswaAuthorizationRule: Adds authorization rules.
• Remove-PswaAuthorizationRule: Removes a specified authorization rule from PowerShell Web Access.
• Get-PswaAuthorizationRule: Displays the rules created.
• Test-PswaAuthorizationRule: Evaluates the authorization rules.

The following example grants the administrator user in the Contoso domain access to manage the computer srv1.contoso.int and the use of the microsoft.powershell session configuration:

Add-PswaAuthorizationRule -UserName Contoso\administrator-ComputerName srv1.contoso.int-ConfigurationName microsoft.powershell

Every Windows PowerShell session uses a session configuration. If you do not specify a session configuration for a session, PowerShell uses the built-in Windows PowerShell default session configuration by the name of microsoft.powershell. The default session configuration includes all cmdlets available on a computer.