Powershell

Table of Contents

4.6 Powershell Web Access

Powershell Web Access, (abbreviated to PSWA) is an framework for enabling powershell on a server to be enabled over the web.

The Architecture of Powershell is enabling the PSWA Role installed on a Windows Server and enabling firewall exceptions to allow Powershell traffic to and from the website. Access control permissions are then set to allow access over HTTP/HTTPS from an external web browser connection to the Powershell Host Shell on the target server.



To enable PSWA on a server and allow access follow the steps below.

1) On a Windows Server instance install the IIS feature See section 2.2 IIS The powershell command is
Install-WindowsFeature -name Web-Server -IncludeManagementTools


2) Import a certificate on IIS Certificate manager for HTTPS traffic.
This step configures the server with a SSL certificate for browsing to the PSWA server webpage over a https:// URL which is more secure then the http:// URL

3) Run the below code replacing COMPUTERNAME with the name of the server

Install-WindowsFeature –Name WindowsPowerShellWebAccess –Computername COMPUTERNAME -IncludeManagementTools –Restart


5)Install-PswaWebApplication

6) Test website is accessible from browsing to URL http://SERVERNAME/pswa

If an message appears saying This websites uses the Secure Sockets Layer (SSL) protocol, and requires an HTTPS address. Please update the URL in your browser go to next step

7) Open the IIS Manager

8) In the IIS Manager tree pane, expand the node for the server on which Windows PowerShell Web Access is installed until the Sites folder is visible. Expand the Sites folder.

9) Select the website in which you have installed the Windows PowerShell Web Access web application. In the Actions pane, click Bindings.

10) In the Site Binding dialog box, click Add.

11) In the Add Site Binding dialog box, in the Type field, select HTTPS.

12) In the SSL certificate field, select your signed certificate from the drop-down menu. Click OK



13) The remaining steps define and configure ‘restrictive authorization rules’. Authorization rules explicitly provide users and group’s access to a computer, or a group of computers.

Below are the steps required for us to create a new session configuration that allows access to our custom PowerShell module. We then need to register this session to allow our users to access it.

A "session configuration" or "endpoint" is a collection of local computer settings that determine such things as which users can create sessions on the computer; which commands users can run in those sessions; and whether the session should run as a privileged virtual account.

Create a new session configuration by running the below code
New-PSSessionConfigurationFile -ModulesToImport DOMAINANME -Path C:\DOMAINANME.pssc


This creates a new file (.pssc extension) that imports our custom PowerShell module when a session starts.

14) Register the session configuration by runing the following command:

Register-PSSessionConfiguration -Name DOMAINANME -Path C:\DOMAINANME.pssc


15) Authorize a group of users access to a single server. Now that session configuration is registered, we can create the various authorization rules to allow access by running the below command
Add-PswaAuthorizationRule –ComputerName “” –UserGroupName “\” –ConfigurationName DOMAINANME


Verify connectivity with user by logging into URL http://SERVERNAME/pswa
The user should be able to log in successfully


Visit next page to learn about - 4.7 Data Serialisation