Configuring Windows Server PowerShell Web Access

  • Article

PowerShell Web Access is a new feature in Windows Server 2012 (in this case, Windows 8 Beta).  The obvious advantage of this functionality is being able to easily run remote PS commands without making a direct connection (either console or RDP) or using long-hand PowerShell commands like ‘enter-pssession’ and ‘invoke-command’ required for remote PowerShell.

I’m certainly no PowerShell guru, but I’ve shown this a few times in my lab lately and had some folks ask a few questions…primarily, how do you install this?

It’s a pretty straightforward installation…there’s an even a switch to let PowerShell configure the certificate for you (a test cert, so lab usage only please).

In my lab, I started from scratch with a Windows 8 Beta VM.  I installed the IIS and PowerShell Web Access Role/Feature.

image

Next, you’ll want to run the ‘install-PswaWebApplication –UseTestCertificate’ command to install the application.  If you have an existing cert you can assign it with this switch as well or you more easily, you can just assign it while your in IIS Manager.  You won’t need the switch then (if you try to use it, the script will bark at you letting you know the site is already configured for SSL).  For production environments, you will obviously be using a CA cert of some kind.  The downside, as you can see from the yellow text below, is that this cert expires in 90 days.

Creating a self-signed cert is easy – go here: https://technet.microsoft.com/en-us/library/cc753127(v=WS.10).aspx and create a ‘personal’ cert on the server where you are hosting PSWA.  Edit bindings on the default web site (or wherever you installed PSWA) and select the cert you created and bind it to 443.  Easy enough.

image

Next, you’ll want to use the ‘Add-PswaAuthorizationRule * * *’ command:

image

From here, you can login to https://servername/pswa

image

 

image

You can login to both Windows 8 and Windows 2008 R2 hosts.  If you get an error, it’s usually because WinRM isn’t properly configured.  Issuing the command “winrm quickconfig’ on a host will usually fix the problem and you’ll be able to access it remotely.

Have fun!