⬆️ ⬇️

PowerShell Web Access: manage servers from a browser

PowerShell is one of the basic tools that a system administrator can use to perform configuration and to manage a domain network. Often, the system administrator needs to connect remotely to the server and perform certain tasks on it. Of course, you can use Remote Desktop, but in this case the administrator will be limited - it is not always possible to quickly and easily connect to a computer remotely, a convenient computer is not always at hand. In this article, I’ll tell you about remote connectivity using PowerShell Web Access.









PowerShell allows using special cmdlets to perform absolutely everything that can be done in the system using a graphical interface, as well as what is impossible in a graphical interface. Thus, PowerShell is a universal management tool.

The main advantage of PowerShell Web Access is that the system administrator can work on the server remotely using the most common browser. And anticipating possible issues, the usual browser here means not only InternetExplorer, but also Safari, and Mozila Filefox, and Google Chrome.

')

List of supported browsers:
  • Windows Internet Explorer for Microsoft Windows 8.0, 9.0, 10.0 and 11.0
  • Mozilla Firefox 10.0.2
  • Google Chrome 17.0.963.56m for Windows
  • Apple Safari 5.1.2 for Windows
  • Apple Safari 5.1.2 for Mac OS




To install and configure PowerShell Web Access, you need to follow three basic steps:

  1. Install PowerShell Web Access
  2. Configure gateway
  3. Configure site authorization and security rules


Further detailed implementation of each of these steps I will describe to you. By the way, it has already been mentioned that in most cases you can configure Windows Server in two ways - using a graphical interface and using PowerShell cmdlets.



1 Install PowerShell Web Access



The very process of installing PowerShell Web Access is pretty common. You can install this component using both the Add Roles and Features Wizard and the PowerShell cmdlet.

In the Setup Wizard for roles and components, select the Features item and install the PowerShell add-on - PowerShell Web Access in it. For PowerShell Web Access to work correctly, the Web server role ( Web Server Role - IIS ) must be installed, which will be automatically selected for installation.



Also, you can always use an alternative solution and use the PowerShell cmdlet for the installation, rather than a graphical interface (just remember to run PowerShell with Administrator rights):



Install-WindowsFeature –Name WindowsPowerShellWebAccess -ComputerName <computer_name> -IncludeManagementTools –Restart 








However, installation is only the first step in setting up PowerShell Web Access.



2 Gateway setup



You need to configure the gateway on the server where the PowerShell Web Access role was installed.

To configure PowerShell Web Access, you can use the Install - PswaWebApplication cmdlet . Using it, you install PowerShell Web Access web applications on your website, created by default when you install the IIS server. The default path to the site is as follows: https: // <server_name> / pswa . To change this value, you can use the WebAppli cationName parameter (if you want to change the name of the web application - pswa ) and WebSite Name (if you want to install the web application on another site). Also, to ensure the security of your environment, you must use a valid certificate that is signed by your Certification Authority service. How to configure an SSL certificate in IIS Manager can be found here .







3 Configuring authorization rules and site security



After you have installed PowerShell Web Access and set up a gateway (installed a web application), your users will be able to open the login page in the browser, but they will not be able to sign in. The reason is that while we have not granted access to our users explicitly. It is important to note that when authenticating with authorization in PowerShell Web Access, access is limited by default, not allowed. Those. if the permission to the user is not explicitly granted, then this user does not have access to anything.

Authorization rules can only be added using PowerShell cmdlets, a graphical user interface is not provided for this. To add an authorization rule, we use the Add-PswaAuthorizationRule cmdlet with various parameters that allow you to specify the user name, computer name, etc. (More about the cmdlets for PowerShell Web Access here ):





Now the user can connect to PowerShell Web Access from the browser and get started. And you can connect to any of the servers, if you have the appropriate permission.





The PowerShell Web Access Session is a PowerShell command line with which you can remotely manage tasks on your server.

Another interesting feature offered by PowerShell Web Access is the ability to save sessions and reconnect to them from various devices (click the Save button). By default, PowerShell Web Access limits the user to three simultaneous sessions.



Web Access PowerShell sessions will not last forever. A timeout message is displayed for the logged in user after 15 minutes of inactivity in the session. If the user does not respond within five minutes after the timeout message is displayed, the session ends and the user logs out. You can change the default values ​​for PowerShell Web Access in the website settings in IIS Manager.

I note that since PowerShell Web Access is a PowerShell web console for a specific remote computer, you can use only those PowerShell cmdlets or scripts that are available on this remote computer.

What is the difference between a web console and local PowerShell? Most of the basic functionality is available, but there are differences:



In addition, using PowerShell Web Access you come under a number of restrictions:





I hope that you have found useful information in this article that you can apply in your work.

Thanks for attention!



useful links



Source: https://habr.com/ru/post/242863/



All Articles