PowerShell Web Access

I had a busy day.  In addition to my usual responsibilities and projects, I set out to build a PowerShell Web Access (PSWA) server.  In case the naming wasn’t clear, this is simply a gateway to allow web based access to PowerShell from devices with a web browser. 

Here’s what you do:

• Consider the risks of such a solution, particularly when exposed to the Internet
• Get the basics set up
  • Set up or pick an existing Windows Server 2012 system.  Install the PSWA Feature and confirm dependencies such as the IIS role.
  • Configure the gateway by running Install-PswaWebApplication at an elevated PowerShell prompt.  Set up your certificate and HTTPS binding in IIS as appropriate
  • Configure access and authorization rules.  Use Add-PswaAuthorizationRule with…
    • ComputerGroupName domain\group or ComputerName domain\computer for destination systems, * for all systems
    • UserGroupName domain\group or UserName domain\username for authorized users, * for all users
    • ConfigurationName Microsoft.PowerShell for the default configuration.  Google or read Ravikanth’s posts on this.  On second thought, read his entire free e-book on PowerShell remoting, it’s worth your time
    • RuleName, so you can stay organized!
• If you desire, consider the risks of allowing CredSSP and set it up for appropriate remote systems.  This let’s you delegate credentials to those end systems; otherwise any command you run that requires network authorization, even accessing a file share, will fail.  Guess who can help with this?  Ravikanth again.
• Read up on the various posts above and perhaps browse the web to ensure everything is set up to meet your needs and security requirements.  Then log in and start administering from your phone!

I’m off to enjoy a delicious vegetarian Moroccan stew!

Advertisements