Today I had a chat with a customer about the Windows PowerShell Web Access. I told him, that the Web-based access could be very useful, at least sometimes, and not just a gimmick.

I told him to read this TechNet article: Install and Use Windows PowerShell Web Access.

The article is great, but instead of applying so many rules (most examples use single users and single computer) my approach is group based. I’m a big fan of groups, and that gives me the flexibility to manage everything via the existing Active Directory. And as a benefit, it could reduce the rules.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Cleanup
Get-PswaAuthorizationRule | Remove-PswaAuthorizationRule -Force

$paramAddPswaAuthorizationRule = @{
	UserGroupName     = 'DOMAIN\ACCESS-GROUP'
	ComputerGroupName = 'DOMAIN\COMPUTER-GROUP'
	ConfigurationName = 'Microsoft.PowerShell'
	RuleName          = 'Admin Rule for PowerShell Remote Web Access via Gateway'
	Force             = $true
	ErrorAction       = 'Stop'
	WarningAction     = 'SilentlyContinue'
}

try 
{
	# No output
	$null = (Add-PswaAuthorizationRule @paramAddPswaAuthorizationRule)
} catch 
{
	Write-Error -Message 'Unable to create the PowerShell Remote Web Access Rule' -ErrorAction Stop
}

# Get Info
Get-PswaAuthorizationRule

<#
		Id    RuleName         User                             Destination                     ConfigurationName
		--    --------         ----                             -----------                     -----------------
		0     Admin Rule fo... DOMAIN\ACCESS-GROUP              DOMAIN\COMPUTER-GROUP           Microsoft.PowerShell
#>

And there is a Gist for this.

Windows PowerShell Web Access Login

Windows PowerShell Web Access Login

Please note the following:
UserGroupName – It must be the Format ‘DOMAIN\ACCESS-GROUP
ComputerGroupName – It must be the Format ‘DOMAIN\COMPUTER-GROUP‘. UPN will not work!
ConfigurationName – It must match with the provided name during the login, ‘Microsoft.PowerShell‘ is the default, it’s good idea to use another one.
RuleName – It Is for your information only
Certificate – I highly recommend using a trusted certificate
Security – I also recommend you to keep an eye on the Gateway, especially if it is published directly to the Internet (Please keep in mind, that this is a shell access to you systems)
Load Balancing – If you have multiple gateways, you can use a load Balancer. You must ensure, that the session is sticky. But I think it is not officially supported.

Windows PowerShell Web Access Terminal

Windows PowerShell Web Access Terminal

Update:
And here is why I find the Windows PowerShell Web Access so extremely useful: With the iPowerShell V.5 from SAPIEN Technologies, you can access it from you Mobile Device! Free from the AppStore!

iPowerShell

iPowerShell

I have some Scripts stored in my OneDrive and I execute them from my iPad. Mostly maintenance and reporting stuff that I need from time to time. And I don’t need to open or start my computer!

iPowerShell Terminal

iPowerShell Terminal