Windows PowerShell Web Access is a new feature in Windows Server 2012. It is an IIS application that provides a Windows PowerShell console in a web browser. The IIS application acts as a gateway between the web browser and the machines that you can connect to in your environment. These machines should have Windows PowerShell remoting enabled.
The video below illustrates the three simple steps of setup and configuration:
1. Feature installation
In the video we use the GUI to install the feature. We could also use the equivalent Windows PowerShell cmdlet for installation (run the command in an elevated PowerShell console):
Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeAllManagementTools
2. Web application setup in IIS
After successful feature installation, IIS has to be configured to host the web application. The video illustrates automated setup for IIS using the cmdlet Install-PswaWebApplication, which uses default values to set up the web application and the website.
If you don’t wish to use the default values, you can specify values for the -WebApplicationName and -WebsiteName parameters of the cmdlet. You can also configure IIS manually. More details on the different ways to configure IIS are available in the Windows PowerShell Web Access help document.
3. Configuring authorization rules
The authorization rules act as a white list and help manage access control to the gateway and the remote machine. Without authorization rules, no user will be able to use PSWA’s website to log in and manage a remote machine.
In the video, we create one authorization rule for the administrator to log in to the pswagateway machine. As specified by the rule, the administrator will only be able to connect to the default PowerShell endpoint, i.e. Microsoft.PowerShell, on the machine pswagateway. The login will fail if the administrator tries to connect to some other machine or to some other PowerShell endpoint on pswagateway.
There may be other local or built-in users on the pswagateway machine who have access rights to manage the machine using other remote connection software, such as Remote Desktop Services. However, they cannot connect to pswagateway via PowerShell Web Access because no authorization rule has been created for them. Authorization rules therefore provide an additional layer of security on top of the existing access control rights on the machine.
More details on authorization rules can be found in the Windows PowerShell Web Access help document. Also, stay tuned for a blog post on authorization rules.
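The three steps above as one script, followed by a check that the single rule behaves as a white list. This is an added example, not code from the video or the original post; the account name pswagateway\administrator, the rule name, and the names otherserver, otheruser and Other.Endpoint are assumptions made for illustration.

```powershell
# Added example. Run in an elevated PowerShell console on the gateway machine.
$gateway  = 'pswagateway'              # gateway machine name used in the post
$user     = "$gateway\administrator"   # assumed: the local administrator account
$endpoint = 'Microsoft.PowerShell'     # default PowerShell endpoint

# Step 1: install the feature.
Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeAllManagementTools

# Step 2: set up the web application and website with the default values.
Install-PswaWebApplication

# Step 3: one explicit rule: this user, this machine, this endpoint only.
Add-PswaAuthorizationRule -UserName $user -ComputerName $gateway `
    -ConfigurationName $endpoint -RuleName 'AdminToGateway'   # rule name is hypothetical

# Verify the rule set. Only the first case should match; the other names are
# hypothetical stand-ins for "some other endpoint, machine or user".
$cases = @(
    @{ User = $user;                 Computer = $gateway;      Endpoint = $endpoint;        Expect = $true  }
    @{ User = $user;                 Computer = $gateway;      Endpoint = 'Other.Endpoint'; Expect = $false }
    @{ User = $user;                 Computer = 'otherserver'; Endpoint = $endpoint;        Expect = $false }
    @{ User = "$gateway\otheruser";  Computer = $gateway;      Endpoint = $endpoint;        Expect = $false }
)

$results = foreach ($c in $cases) {
    try {
        # Returns the matching rule(s) when access would be authorized.
        $match = Test-PswaAuthorizationRule -UserName $c.User -ComputerName $c.Computer `
            -ConfigurationName $c.Endpoint -ErrorAction Stop
    } catch {
        $match = $null   # if the cmdlet reports an error for a name, treat it as not authorized
    }
    [pscustomobject]@{
        User       = $c.User
        Computer   = $c.Computer
        Endpoint   = $c.Endpoint
        Authorized = [bool]$match
        AsExpected = ([bool]$match -eq $c.Expect)
    }
}

$results | Format-Table -AutoSize
Get-PswaAuthorizationRule   # list every rule currently on the gateway

if ($results.AsExpected -contains $false) {
    Write-Warning 'Authorization rules allow or deny something other than intended.'
}
```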
In all, Windows PowerShell Web Access provides a secure way to access a remote PowerShell console in a web browser. This provides mobility and ease of access. Since the web console is accessible via a website, users can now connect to their remote machines from various mobile devices such as tablets, phones etc.