PowerShell Web Access

I had a busy day.  In addition to my usual responsibilities and projects, I set out to build a PowerShell Web Access (PSWA) server.  In case the naming wasn’t clear, this is simply a gateway to allow web-based access to PowerShell from devices with a web browser.


Here’s what you do:

  • Consider the risks of such a solution, particularly when exposed to the Internet
  • Get the basics set up
    • Set up or pick an existing Windows Server 2012 system.  Install the PSWA Feature and confirm dependencies such as the IIS role.
    • Configure the gateway by running Install-PswaWebApplication at an elevated PowerShell prompt.  Set up your certificate and HTTPS binding in IIS as appropriate.
    • Configure access and authorization rules.  Use Add-PswaAuthorizationRule with…
      • -ComputerGroupName domain\group or -ComputerName domain\computer for destination systems, * for all systems
      • -UserGroupName domain\group or -UserName domain\username for authorized users, * for all users
      • -ConfigurationName Microsoft.PowerShell for the default configuration.  Google or read Ravikanth’s posts on this.  On second thought, read his entire free e-book on PowerShell remoting, it’s worth your time
      • -RuleName, so you can stay organized!
  • If you desire, consider the risks of allowing CredSSP and set it up for appropriate remote systems.  This lets you delegate credentials to those end systems; otherwise any command you run that requires network authorization, even accessing a file share, will fail.  Guess who can help with this?  Ravikanth again.
  • Read up on the various posts above and perhaps browse the web to ensure everything is set up to meet your needs and security requirements.  Then log in and start administering from your phone!
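
The setup steps above as one elevated PowerShell session, added here as an example rather than a script from the original post. The domain, group, user, computer and rule names are hypothetical, and the User/Destination property names used in the wildcard audit are assumed from the cmdlet's default output columns.

```powershell
# Added example. Run at an elevated prompt on the Windows Server 2012 gateway.
# CONTOSO\..., FS01 and the rule name are hypothetical placeholders.
Import-Module ServerManager

# 1. Install the PSWA feature, then confirm it and the IIS role are present.
Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeManagementTools
Get-WindowsFeature -Name WindowsPowerShellWebAccess, Web-Server |
    Format-Table Name, InstallState -AutoSize

# 2. Create the gateway web application in IIS.
#    Bind your own certificate to the HTTPS site in IIS afterwards.
Install-PswaWebApplication

# 3. Add a scoped rule: one user group, one computer group, one session
#    configuration. Nothing is reachable through the gateway until a rule exists.
$rule = @{
    RuleName          = 'Helpdesk-to-FileServers'
    UserGroupName     = 'CONTOSO\PSWA-Helpdesk'
    ComputerGroupName = 'CONTOSO\PSWA-FileServers'
    ConfigurationName = 'Microsoft.PowerShell'
}
Add-PswaAuthorizationRule @rule

# 4. Audit: list any rule that uses * for users, destinations or configurations.
#    (Property names assumed from the default Get-PswaAuthorizationRule output.)
$wildcards = Get-PswaAuthorizationRule | Where-Object {
    $_.User -eq '*' -or $_.Destination -eq '*' -or $_.ConfigurationName -eq '*'
}
if ($wildcards) {
    Write-Warning 'Wildcard authorization rules found; review before exposing the gateway:'
    $wildcards | Format-Table Id, RuleName, User, Destination, ConfigurationName -AutoSize
}

# 5. Check what a given user would actually be allowed to reach.
#    Returns the matching rule(s), or nothing if access would be denied.
Test-PswaAuthorizationRule -UserName 'CONTOSO\alice' -ComputerName 'FS01' `
    -ConfigurationName 'Microsoft.PowerShell'
```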

I’m off to enjoy a delicious vegetarian Moroccan stew!
