Skip to content

Configure Windows PowerShell Web Access

Today I had a chat with a customer about the Windows PowerShell Web Access. I told him, that the Web-based access could be very useful, at least sometimes, and not just a gimmick.

I told him to read this TechNet article: Install and Use Windows PowerShell Web Access.

The article is great, but instead of applying so many rules (most examples use single users and single computer) my approach is group based. I’m a big fan of groups, and that gives me the flexibility to manage everything via the existing Active Directory. And as a benefit, it could reduce the rules.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Cleanup
Get-PswaAuthorizationRule | Remove-PswaAuthorizationRule -Force

$paramAddPswaAuthorizationRule = @{
	UserGroupName     = 'DOMAIN\ACCESS-GROUP'
	ComputerGroupName = 'DOMAIN\COMPUTER-GROUP'
	ConfigurationName = 'Microsoft.PowerShell'
	RuleName          = 'Admin Rule for PowerShell Remote Web Access via Gateway'
	Force             = $true
	ErrorAction       = 'Stop'
	WarningAction     = 'SilentlyContinue'
}

try 
{
	# No output
	$null = (Add-PswaAuthorizationRule @paramAddPswaAuthorizationRule)
} catch 
{
	Write-Error -Message 'Unable to create the PowerShell Remote Web Access Rule' -ErrorAction Stop
}

# Get Info
Get-PswaAuthorizationRule

<#
		Id    RuleName         User                             Destination                     ConfigurationName
		--    --------         ----                             -----------                     -----------------
		0     Admin Rule fo... DOMAIN\ACCESS-GROUP              DOMAIN\COMPUTER-GROUP           Microsoft.PowerShell
#>

And there is a Gist for this.

Windows PowerShell Web Access Login
Windows PowerShell Web Access Login

Please note the following:
UserGroupName – It must be the Format ‘DOMAIN\ACCESS-GROUP
ComputerGroupName – It must be the Format ‘DOMAIN\COMPUTER-GROUP‘. UPN will not work!
ConfigurationName – It must match with the provided name during the login, ‘Microsoft.PowerShell‘ is the default, it’s good idea to use another one.
RuleName – It Is for your information only
Certificate – I highly recommend using a trusted certificate
Security – I also recommend you to keep an eye on the Gateway, especially if it is published directly to the Internet (Please keep in mind, that this is a shell access to you systems)
Load Balancing – If you have multiple gateways, you can use a load Balancer. You must ensure, that the session is sticky. But I think it is not officially supported.

Windows PowerShell Web Access Terminal
Windows PowerShell Web Access Terminal

Update:
And here is why I find the Windows PowerShell Web Access so extremely useful: With the iPowerShell V.5 from SAPIEN Technologies, you can access it from you Mobile Device! Free from the AppStore!

iPowerShell
iPowerShell

I have some Scripts stored in my OneDrive and I execute them from my iPad. Mostly maintenance and reporting stuff that I need from time to time. And I don’t need to open or start my computer!

iPowerShell Terminal
iPowerShell Terminal
This content is older than 2 years. It might be outdated.
Published inPowerShell

2 Comments

  1. J regal J regal

    Do you know if this will work in an O365 instance?

    • If you mean the connection to a Office 365 instance: Yep!
      You just have to load the connection as part of your script (from within the script or by loading one the the many modules).

      The only think you might need to tweak: Timeout.

      But I use this to execute stuff on Office 365 and remote Exchange Server all the time 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2018 by Joerg Hochwald. All rights reserved. ● Site is powered by Author