PowerShell Web Access: Managing Servers from a Browser

    PowerShell is one of the main tools that a system administrator can use to perform configuration and to manage a domain network. Often, the system administrator needs to remotely connect to the server and perform certain tasks on it. Of course, you can use Remote Desktop, but in this case the administrator will be limited - it is not always possible to easily and quickly remotely connect to a computer, there is not always a convenient computer at hand. In this article, I will tell you about the ability to remotely connect using PowerShell Web Access.

    PowerShell allows using special cmdlets to perform absolutely everything that can be done in the system using the graphical interface, as well as what cannot be done in the graphical interface. Thus, PowerShell is a universal tool.
    The main advantage of PowerShell Web Access is that the system administrator can work on the server remotely using the most common browser. And anticipating possible issues, a normal browser here means not only InternetExplorer, but also Safari, Mozila Filefox, and Google Chrome.

    List of supported browsers:
    • Windows Internet Explorer for Microsoft Windows 8.0, 9.0, 10.0, and 11.0
    • Mozilla Firefox 10.0.2
    • Google Chrome 17.0.963.56m for Windows
    • Apple Safari 5.1.2 for Windows
    • Apple Safari 5.1.2 for Mac OS

    There are three basic steps to installing and configuring PowerShell Web Access:
    1. Install PowerShell Web Access
    2. Configure gateway
    3. Configure authorization and site security rules

    Further, the detailed implementation of each of these steps I will describe to you. By the way, it has already been mentioned that in most cases you can configure Windows Server in two ways - using the graphical interface and using PowerShell cmdlets.

    1 Install PowerShell Web Access

    The PowerShell Web Access installation process itself is pretty common. Set this component can be both via roles installation wizard and components server ( Add Roles and Features Wizard ), and by using the PowerShell .
    The Setup Wizard roles and features , select the item Components ( Features ) , and in addition it set for PowerShell -PowerShell Web Access. For PowerShell Web Access to work correctly, the Web Server Role (IIS ) role must be installed , which will be automatically selected for installation.

    You can also always use an alternative solution and use the PowerShell cmdlet instead of the graphical interface for installation (just remember to run PowerShell with Administrator rights):

    Install-WindowsFeature –Name WindowsPowerShellWebAccess -ComputerName  -IncludeManagementTools –Restart

    However, installation is only the first step in setting up PowerShell Web Access.

    2 Gateway setup

    You must configure the gateway on the server on which the PowerShell Web Access role was installed.
    To configure PowerShell Web Access, you can use the Install cmdlet - PswaWebApplication . Using it, you install the PowerShell Web Access web applications on your site, created by default during the installation of the IIS server. The default path to the site is as follows: https: // <server_name> / pswa . To change this value, you can use the WebAppli cationName parameter (if you want to change the name of the web application - pswa ) and WebSite Name(if you want to install web applications on another site). Also, to ensure the security of your environment, you must use a valid certificate that is signed by your Certification Authority. You can read about how to configure an SSL certificate in IIS Manager here .

    3 Setting authorization rules and site security

    After you have installed PowerShell Web Access and configured the gateway (installed the web application), your users will be able to open the login page in the browser, but they will not be able to log in. The reason is that so far we have not provided access to our users explicitly. It is important to note that when authenticating with authorization in PowerShell Web Access, access by default is limited, not allowed. Those. if permission is not explicitly granted to the user, then that user does not have access to anything.
    Authorization rules can only be added using PowerShell cmdlets; a graphical interface is not provided for this. To add an authorization rule, we use the Add-PswaAuthorizationRule cmdletwith various parameters allowing you to specify a username, computer name, etc. (more about cmdlets for PowerShell Web Access here ):

    Now a user can connect to PowerShell Web Access from a browser and get started. Moreover, you can connect to any of the servers if you have the appropriate permission.

    A PowerShell Web Access session is a PowerShell command line that you can use to remotely manage tasks on your server.
    Another interesting feature offered by PowerShell Web Access is the ability to save sessions and reconnect to them from various devices (click the " Save " button) By default, PowerShell Web Access restricts the user to three simultaneous sessions.

    PowerShell Web Access session timeouts do not last forever. A timeout message is displayed for the logged in user after 15 minutes of inactivity in the session. If the user does not respond within five minutes after a timeout message is displayed, the session ends and the user logs off. The default values ​​for PowerShell Web Access can be changed in the website settings in IIS Manager.
    Note that since PowerShell Web Access is the PowerShell web console for a specific remote computer, you can only use PowerShell cmdlets or scripts that are available on that remote computer.
    What is the difference between a web console and local PowerShell? Most of the basic functionality is available, but there are differences:
    • When reporting information about the progress of a task, the screen displays only the final result of the cmdlet (execution steps are not shown)
    • Background and foreground colors cannot be changed in the web console
    • PowerShell Web Access does not implement a number of methods in its interface, for example, any commands that write to the Windows console
    • PowerShell Web Access does not support certain keyboard shortcuts, in many cases because these keys are reserved for browser commands

    In addition, using PowerShell Web Access you come under a number of restrictions:
    • Dual Connect — An attempt to connect to a second remote computer from an existing connection.
    • PowerShell Web Access uses and has the same limitations as a remote Windows PowerShell session
    • Filling by pressing the TAB key does not work in sessions configured to work in a limited execution space or in NoLanguage mode , the e xit command cannot be run to end a session (to exit, you will need to click the corresponding button on the console page)
    • PowerShell Web Access allows only one connection to a remote computer in a single browser session; you cannot log in and connect to multiple remote computers using separate browser tabs
    • If a PowerShell Web Access gateway session is idle, the remote connection between the gateway and the destination computer is closed. This stops the execution of all cmdlets or scripts. Therefore, PowerShell is recommended for long-term tasks.

    I hope that you have found useful information in this article that you can apply in your work.
    Thanks for attention!

    useful links

    Also popular now: