Lead Image © Petre Coman, 123RF.com

Lead Image © Petre Coman, 123RF.com

Remotely managing web access servers

PowerShell Web Access

Article from ADMIN 23/2014
By
The Windows PowerShell web-based console lets you run PowerShell commands and scripts in your browser.

Windows PowerShell Web Access provides a web-based Windows PowerShell console. The web-based console lets you run PowerShell commands and scripts in a web browser. You can even use PowerShell Web Access to access the PowerShell of your servers remotely on a smartphone or tablet. Additionally, you can use all commandlets (cmdlets) that are available on the server.

PowerShell Web Access requires you to have at least the web server (IIS), .NET Framework 4.5, and PowerShell 3.0 installed on the server on which you run the gateway.

You can install PowerShell Web Access with Server Manager or PowerShell; the necessary roles and features are added automatically. Just expand the Features item on the Select Features page of the Add Roles and Features Wizard and select Windows PowerShell Web Access . Alternatively, you can use the following PowerShell cmdlet for the install:

Install-WindowsFeature -Name WindowsPowerShellWebAccess-ComputerName Name of the Server-IncludeManagementTools-Restart

After installing PowerShell Web Access, the next step is to set up the gateway for PowerShell Web Access. The Install-PswaWebApplication cmdlet provides a quick approach to configuring PowerShell Web Access.

You can install a self-signed SSL certificate with the option -UseTestCertificate. Using the IIS Manager console, replace the test certificate with a signed certificate. Running this cmdlet installs the PowerShell Web Access web application in the default web site container of IIS. You can access the website by following the link to https://[Servername]/pswa . However, you can only log on after granting users access to the site by adding authorization rules.

After you've installed PowerShell Web Access and set up the gateway with the website and the certificate, you still need to allow users to access PowerShell via Web Access. To do this in a PowerShell session launched with extended user rights (Run as administrator ), you would run the commands shown in Listing 1.

Listing 1

Allow Access

01 $applicationPoolName = "Name of the PSWA application pool"
02 $authorizationFile = C:\windows\web\ powershellwebaccess\data\AuthorizationRules.xml"
03 c:\windows\system32\icacls.exe $authorizationFile /grant ('"' + "IISAppPool\$applicationPoolName"+ '":R') > $null

Other commands for managing PowerShell Web Access include:

  • Add-PswaAuthorizationRule: Adds authorization rules.
  • Remove-PswaAuthorizationRule: Removes a specified authorization rule from PowerShell Web Access.
  • Get-PswaAuthorizationRule: Displays the rules created.
  • Test-PswaAuthorizationRule: Evaluates the authorization rules.

The following example grants the administrator user in the Contoso domain access to manage the computer srv1.contoso.int and the use of the microsoft.powershell session configuration:

Add-PswaAuthorizationRule -UserName Contoso\administrator-ComputerName srv1.contoso.int-ConfigurationName microsoft.powershell

Every Windows PowerShell session uses a session configuration. If you do not specify a session configuration for a session, PowerShell uses the built-in Windows PowerShell default session configuration by the name of microsoft.powershell. The default session configuration includes all cmdlets available on a computer.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • The best cmdlets for PowerShell
    Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.
  • Top PowerShell Cmdlets

    Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.

  • Use PowerShell to manage Exchange Online
    Exchange Online in Office 365 can be managed just like its local counterpart with similar, sometimes identical, PowerShell cmdlets.
  • Security with PowerShell 5
    Despite the growing exploitation of PowerShell's scripting language by hackers, the tool's security features also offer a line of defense.
  • Stressing security with PowerShell
    PowerShell is not the usual go-to tool for pentesting, but it can reveal IT vulnerabilities that suggest a more considered use of the tool.
comments powered by Disqus