Windows Server 2012 PowerShell Web Access

PowerShell Web Access is an awesome new feature which allows you to control your server environments in the web browser. Here is a list of compatible browsers:

· Windows® Internet Explorer® for Microsoft Windows® 8.0, 9.0, and 10.0

· Mozilla Firefox® 10.0.2

· Google Chrome™ 17.0.963.56m for Windows

· Apple Safari® 5.1.2 for Windows

· Apple Safari 5.1.2 for Mac OS®

I was even able to login and execute PowerShell Commands from my Nokia Lumia 1020!

Here’s a screenshot for proof:

clip_image002

I followed the steps laid out here: http://technet.microsoft.com/en-us/library/hh831611.aspx. There were a few items that I did differently so here’s my experience:

Step 1 – Install Windows PowerShell Web Access Using PowerShell

Log into the Windows Server 2012 server you’d like to test this on. In my case this was a test SharePoint 2013 VM Running Server 2012 and SQL Server 2012. Run Windows PowerShell as an administrator and run the following command, which installs the Windows PowerShell Web Access feature (This could also be done from Server Manager, but this post is all about PowerShell so might as well keep it consistant):

Step 2 – Configure the Windows PowerShell Web Access gateway with a test certificate

Now that we’ve installed the PSWA feature onto the server, we need to create the ‘Gateway’ or IIS Web Site. This step can be as simple as running: Install-PswaWebApplication –UseTestCertificate. This will use a self-signed certificate (only recommended in dev/test environments!) and will create a new web application underneath the Default Web Site and bind the certificate to it. Here’s a list of the defaults:

· Path: /pswa

· ApplicationPool: pswa_pool

· EnabledProtocols: http

· PhysicalPath: %windir%/Web/PowerShellWebAccess/wwwroot

In my case I didn’t want to install the PSWA application under the Default Web Site. I create a new IIS Web Site Called “PSWA” and assigned it port 8001 to start. Don’t forget to give ‘Everyone’ read access to this site or you may get a 401 error.

I ran the following command after setting up the new IIS Web Site (Note: You can use the parameter WebApplicationName to change the application from /pswa to something else):

 

Step 3 – Configure a restrictive authorization rule

Now that everything is setup you should be able to browse https://servername/pswa and get to the PowerShell Web Access login screen (after a certificate warning in my scenario). Sweet! Now you try logging in and get presented with the following screen:

clip_image004

This is because we have not granted anyone access to this server yet. The Add-PswaAuthorizationRule command comes to the rescue! You can run this command for a specific user or a group of users. Just make sure the ConfigurationName parameter is correct! You can create your own session configuration or you can use a built-in one like Microsoft.PowerShell, which gives full access to all cmdlets, modules, and providers. You could essentially create a session configuration for a Server Admin and a SharePoint Admin and give them access to different sets of commands. Again, this is test so I’m giving my user full reigns.

Here’s the command to do so:

Now run the following command to check your work:

It should return something similar to this:

Id RuleName User Destination ConfigurationName

— ——– —- ———– —————–

1 Rule 1 ajb\sp13_install ajb\sp2013ent2 microsoft.power…

 

You should now be able to login using the forms login screen at https://servername/pswa!

If this is a SharePoint server I can now add the SharePoint PowerShell Snap in and start playing..Don’t have too much fun 🙂

clip_image006