PowerShell Web Access: manage servers from a browser
PowerShell is one of the basic tools that a system administrator can use to perform configuration and to manage a domain network. Often, the system administrator needs to connect remotely to the server and perform certain tasks on it. Of course, you can use Remote Desktop, but in this case the administrator will be limited - it is not always possible to quickly and easily connect to a computer remotely, a convenient computer is not always at hand. In this article, I’ll tell you about remote connectivity using PowerShell Web Access.
PowerShell allows using special cmdlets to perform absolutely everything that can be done in the system using a graphical interface, as well as what is impossible in a graphical interface. Thus, PowerShell is a universal management tool.
The main advantage of PowerShell Web Access is that the system administrator can work on the server remotely using the most common browser. And anticipating possible issues, the usual browser here means not only InternetExplorer, but also Safari, and Mozila Filefox, and Google Chrome.
')
To install and configure PowerShell Web Access, you need to follow three basic steps:
Further detailed implementation of each of these steps I will describe to you. By the way, it has already been mentioned that in most cases you can configure Windows Server in two ways - using a graphical interface and using PowerShell cmdlets.
The very process of installing PowerShell Web Access is pretty common. You can install this component using both the Add Roles and Features Wizard and the PowerShell cmdlet.
In the Setup Wizard for roles and components, select the Features item and install the PowerShell add-on - PowerShell Web Access in it. For PowerShell Web Access to work correctly, the Web server role ( Web Server Role - IIS ) must be installed, which will be automatically selected for installation.
Also, you can always use an alternative solution and use the PowerShell cmdlet for the installation, rather than a graphical interface (just remember to run PowerShell with Administrator rights):
However, installation is only the first step in setting up PowerShell Web Access.
You need to configure the gateway on the server where the PowerShell Web Access role was installed.
To configure PowerShell Web Access, you can use the Install - PswaWebApplication cmdlet . Using it, you install PowerShell Web Access web applications on your website, created by default when you install the IIS server. The default path to the site is as follows: https: // <server_name> / pswa . To change this value, you can use the WebAppli cationName parameter (if you want to change the name of the web application - pswa ) and WebSite Name (if you want to install the web application on another site). Also, to ensure the security of your environment, you must use a valid certificate that is signed by your Certification Authority service. How to configure an SSL certificate in IIS Manager can be found here .
After you have installed PowerShell Web Access and set up a gateway (installed a web application), your users will be able to open the login page in the browser, but they will not be able to sign in. The reason is that while we have not granted access to our users explicitly. It is important to note that when authenticating with authorization in PowerShell Web Access, access is limited by default, not allowed. Those. if the permission to the user is not explicitly granted, then this user does not have access to anything.
Authorization rules can only be added using PowerShell cmdlets, a graphical user interface is not provided for this. To add an authorization rule, we use the Add-PswaAuthorizationRule cmdlet with various parameters that allow you to specify the user name, computer name, etc. (More about the cmdlets for PowerShell Web Access here ):
Now the user can connect to PowerShell Web Access from the browser and get started. And you can connect to any of the servers, if you have the appropriate permission.
The PowerShell Web Access Session is a PowerShell command line with which you can remotely manage tasks on your server.
Another interesting feature offered by PowerShell Web Access is the ability to save sessions and reconnect to them from various devices (click the Save button). By default, PowerShell Web Access limits the user to three simultaneous sessions.
Web Access PowerShell sessions will not last forever. A timeout message is displayed for the logged in user after 15 minutes of inactivity in the session. If the user does not respond within five minutes after the timeout message is displayed, the session ends and the user logs out. You can change the default values for PowerShell Web Access in the website settings in IIS Manager.
I note that since PowerShell Web Access is a PowerShell web console for a specific remote computer, you can use only those PowerShell cmdlets or scripts that are available on this remote computer.
What is the difference between a web console and local PowerShell? Most of the basic functionality is available, but there are differences:
In addition, using PowerShell Web Access you come under a number of restrictions:
I hope that you have found useful information in this article that you can apply in your work.
Thanks for attention!
PowerShell allows using special cmdlets to perform absolutely everything that can be done in the system using a graphical interface, as well as what is impossible in a graphical interface. Thus, PowerShell is a universal management tool.
The main advantage of PowerShell Web Access is that the system administrator can work on the server remotely using the most common browser. And anticipating possible issues, the usual browser here means not only InternetExplorer, but also Safari, and Mozila Filefox, and Google Chrome.
')
List of supported browsers:
- Windows Internet Explorer for Microsoft Windows 8.0, 9.0, 10.0 and 11.0
- Mozilla Firefox 10.0.2
- Google Chrome 17.0.963.56m for Windows
- Apple Safari 5.1.2 for Windows
- Apple Safari 5.1.2 for Mac OS
To install and configure PowerShell Web Access, you need to follow three basic steps:
- Install PowerShell Web Access
- Configure gateway
- Configure site authorization and security rules
Further detailed implementation of each of these steps I will describe to you. By the way, it has already been mentioned that in most cases you can configure Windows Server in two ways - using a graphical interface and using PowerShell cmdlets.
1 Install PowerShell Web Access
The very process of installing PowerShell Web Access is pretty common. You can install this component using both the Add Roles and Features Wizard and the PowerShell cmdlet.
In the Setup Wizard for roles and components, select the Features item and install the PowerShell add-on - PowerShell Web Access in it. For PowerShell Web Access to work correctly, the Web server role ( Web Server Role - IIS ) must be installed, which will be automatically selected for installation.
Also, you can always use an alternative solution and use the PowerShell cmdlet for the installation, rather than a graphical interface (just remember to run PowerShell with Administrator rights):
Install-WindowsFeature –Name WindowsPowerShellWebAccess -ComputerName <computer_name> -IncludeManagementTools –Restart However, installation is only the first step in setting up PowerShell Web Access.
2 Gateway setup
You need to configure the gateway on the server where the PowerShell Web Access role was installed.
To configure PowerShell Web Access, you can use the Install - PswaWebApplication cmdlet . Using it, you install PowerShell Web Access web applications on your website, created by default when you install the IIS server. The default path to the site is as follows: https: // <server_name> / pswa . To change this value, you can use the WebAppli cationName parameter (if you want to change the name of the web application - pswa ) and WebSite Name (if you want to install the web application on another site). Also, to ensure the security of your environment, you must use a valid certificate that is signed by your Certification Authority service. How to configure an SSL certificate in IIS Manager can be found here .
3 Configuring authorization rules and site security
After you have installed PowerShell Web Access and set up a gateway (installed a web application), your users will be able to open the login page in the browser, but they will not be able to sign in. The reason is that while we have not granted access to our users explicitly. It is important to note that when authenticating with authorization in PowerShell Web Access, access is limited by default, not allowed. Those. if the permission to the user is not explicitly granted, then this user does not have access to anything.
Authorization rules can only be added using PowerShell cmdlets, a graphical user interface is not provided for this. To add an authorization rule, we use the Add-PswaAuthorizationRule cmdlet with various parameters that allow you to specify the user name, computer name, etc. (More about the cmdlets for PowerShell Web Access here ):
Now the user can connect to PowerShell Web Access from the browser and get started. And you can connect to any of the servers, if you have the appropriate permission.
The PowerShell Web Access Session is a PowerShell command line with which you can remotely manage tasks on your server.
Another interesting feature offered by PowerShell Web Access is the ability to save sessions and reconnect to them from various devices (click the Save button). By default, PowerShell Web Access limits the user to three simultaneous sessions.
Web Access PowerShell sessions will not last forever. A timeout message is displayed for the logged in user after 15 minutes of inactivity in the session. If the user does not respond within five minutes after the timeout message is displayed, the session ends and the user logs out. You can change the default values for PowerShell Web Access in the website settings in IIS Manager.
I note that since PowerShell Web Access is a PowerShell web console for a specific remote computer, you can use only those PowerShell cmdlets or scripts that are available on this remote computer.
What is the difference between a web console and local PowerShell? Most of the basic functionality is available, but there are differences:
- When reporting information about the progress of a task, only the final result of the cmdlet execution is displayed on the screen (the steps are not shown)
- Background and primary colors cannot be changed on the web console.
- PowerShell Web Access does not implement a number of methods in its interface, for example, any commands that write to the Windows console
- PowerShell Web Access does not support some keyboard shortcuts, in many cases because these keys are reserved for browser commands.
In addition, using PowerShell Web Access you come under a number of restrictions:
- Dual connection - an attempt to connect to the second remote computer from an existing connection
- PowerShell Web Access uses and has the same limitations as a remote Windows PowerShell session.
- Filling by pressing the TAB key does not work in sessions that are configured to work in a limited execution space or in NoLanguage mode ; the e xit command can also not be run to end the session (to exit, you must press the corresponding button on the console page)
- PowerShell Web Access allows only one connection to a remote computer within a single browser session; you cannot log in and connect to multiple remote computers using separate browser tabs
- When idle, the PowerShell Web Access gateway session closes the remote connection between the gateway and the destination computer. This stops the execution of all cmdlets or scripts. Therefore, it is recommended to use PowerShell to perform lengthy tasks.
I hope that you have found useful information in this article that you can apply in your work.
Thanks for attention!
useful links
- Try Azure for free for 30 days!
- Learn Microsoft Virtual Academy courses
- Cross-Platform Development with Visual Studio
- Basics of building a domain network. Part 2
- Upgrading the organization's infrastructure using Windows Server 2012 R2
- Unity Game Programming Introduction
- Business and the cloud: best practices solutions
- Download a trial version of Windows Server 2012 R2
- Download free or trial Visual Studio
Source: https://habr.com/ru/post/242863/
All Articles