Installing and Enabling Powershell Web Access in Windows Server 2012

powershell

I love being able to manage things remotely.   The less I touch the console of server, the lower my chances of accidentally restarting it, doing something silly, you know like dumping a cup of coffee on a few Xeons.

In actual fact, I prefer having direct commands as well as working remotely.  I just want to go to a server and say “DO-THIS” and be done.  

The first time I saw a Web based version of Powershell it was from Quest.  My eyes lit up.

“I can manage the infrastructure from my Mobile device!” quickly picturing managing the entire environment from the comfort of a small secluded Sunny beach, surrounded by Margaritas.

When Microsoft announced Powershell Web Access and that it would work on most Browsers, I started making plans for my little beach location. “It’s part of the freaking OPERATING SYSTEM!”

The only way they can do better now?  I WANT DIRECT ACCESS on my WINDOWS PHONE !  Manage my entire Infrastructure SECURELY from my Windows Phone!

For those of you unaware, Powershell Web Access is Secure Powershell Console rendered within a standard web Browser, such as on your computer or Smartphone (yes, EVEN the iPhone, Blackberry and Android!)

It is also one of the simplest installs I have ever had to do.  It was effectively 4 simple steps.

  1. Add the Windows Powershell Web Access feature to Windows Server 2012
  2. Install the Web Application
  3. Create an Access Rule
  4. Apply an SSL Certificate

You can get very complicated on the install and even host it in your DMZ, but for basic internal access, four steps.  And truly, that’s where I PREFER my access to occur anyhow.

STEP 1 – Add the Windows Powershell Web Access feature

To install the feature you CAN go through the GUI and go “Clickity cllickity clicka click” *OR* being that it’s Powershell Web Access you can just run the “Add-WindowFeature” Cmdlet

ADD-WindowFeature WindowsPowershellWebAccess –includemanagementtools

The parameter “-includemanagementtools” will install the IIS management console.  If you PREFER you can skip this parameter and only install the Powershell Web Access feature.  Less installed means less to patch.

STEP 2 – Install the Web Application

You know, I’m certain somewhere there HAS to be a difficult way to do this, but it’s just a Cmdlet.  By default, with no additional parameters it will create the Powershell Web Access application just under the default Root folder of the IIS web site.  You CAN customize it (including alternate ports and locations) almost any way you like.  

But today is “INSTANT GRATIFICATION DAY!” just execute the following Cmdlet

INSTALL-PSWAWebApplication –force

STEP 3 – Create an Access Rule

This was the MOST DIFFICULT part of the whole scenario.   No really.  I actually had to READ the Help examples.   But run this line to allow Powershell Web Access to your Domain Admins.

Add-PSWAAuthorizationRule -RuleName ‘Domain Admin Access’ -UserGroupName ‘CONTOSODomain Admins’  ConfigurationName * –Force -  -ComputerName ‘SRV-PSWA’ 

Really going left to right it states that

  • the rule who’s name is “Domain Admin Access” (This is completely descriptive, you could name it Flying Chinchilla’s if you liked, but it SHOULD make sense). 
  • The Active Directory Group “Domain Admins” in CONTOSO is being allowed access to ALL of the Powershell Web Access configurations (There’s only two at the time of this writing).  
  • We’re going to apply this rule on the Powershell Web Access server called “SRV-PSWA”.
  • Oh yes, and please “force” it through.   We don’t want to answer any silly questions.

STEP 4 – Apply an SSL Certificate

This is done within the IIS Console in the normal manner.   Apply a certificate to a particular port for the bindings (Typically 443) and force the Web application PSWA to enforce SSL

Here is an excellent article if you want to try and generate a self Signed cert in Powershell (which I think is cooler) but Powershell is all about getting home earlier.   In this case I just opt for the normal route in IIS to general a Self Signed certificate for testing purpose.    You’re only generating a certificate for Web hosting, so if you LIKE just generate a CERTificate request in IIS and pay a few bucks for a real one at your choice of SSL provider.

Me?  I’m cheap so I used the Self signed one and assigned it to the PSWA Web application and enforced the requirement for SSL

image

Once you’re done you can do something like this

https://SRV-PSWA/pswa

Login with your Domain Admin Credentials, specify the name of your Powershell Web Access server and take off!

It’s really THAT easy!

Need more details on Powershell Web Access?  Why not go straight to the source on Microsoft.com!

The Power of Shell is in YOU

Sean
The Energized Tech

Leave a Reply