I have been using Windows Server 2012 for quite some time & 1 of the best features in Management & Automation using PowerShell Web Access.
So What is PowerShell Web Access??
Examples of client devices include laptops, non-work personal computers, borrowed computers, tablet computers, web kiosks, computers that are not running a Windows-based operating system, and cell phone browsers. IT Pros can perform critical management tasks on remote Windows-based servers from devices that have access to an Internet connection and a web browser.
After successful gateway setup and configuration, users can access a Windows PowerShell console by using a web browser. When users open the secured Windows PowerShell Web Access website, they can run a web-based Windows PowerShell console after successful authentication.
Windows PowerShell Web Access setup and configuration is a three-step process:
You can refer Microsoft TechNet Library to get detailed step by step article http://technet.microsoft.com/en-us/library/hh831611.aspx
In today’s blog post I will show you how can you deploy PowerShell Web Access in test environment. I will be using both GUI method i.e. Server Manager & PowerShell based scripts. So let’s get started.
My Test Environment.
I am using 2 virtual machines. Windows Server 2012 Domain Controller & Windows 8 Client machine.
DPE-WS12-VM01 - Windows Server 2012 Datacenter – Domain Controller, PowerShell Web Access Gateway & Destination. DPE-WIN8-CLI01 - Windows 8 Enterprise – Domain joined client/workstation
Note: This is a test environment using Virtual Machines & leveraging sample self-signed test certificate.
Ideally, this is how the overall architecture would look like in production environment.
Step 1: Login to the Domain Controller machine DPE-WS12-VM01 to install PowerShell Web Access using Server Manager. WE WILL PERFORM THE STEPS USING SERVER MANAGER. Note: You can perform this Step 1 using PowerShell as well. Refer http://technet.microsoft.com/en-us/library/hh831611.aspx
In Step 1, we have installed the features Windows PowerShell Web Access & server role Web Server Role (IIS).
Step 2: Now that we have installed the feature Windows PowerShell Web Access, we will now need to configure PowerShell Web Access Gateway so that my Application Pool should be available in my IIS Manager under Default Website. WE WILL PERFORM THE FOLLOWING USING POWERSHELL.
When you install the feature Windows PowerShell Web Access, the Application Folder is located in C:\Windows\Web\PowerShellWebAccess\wwwroot
Configure PowerShell Web Access Gateway using the following PowerShell Cmdlet.
Do one of the following to open a Windows PowerShell session.
Type the following, and then press Enter.
The following settings are configured by running the cmdlet. You can change these manually in the IIS Manager console, if desired.
At this stage you can see the PowerShell Web Access Application Pool configured in IIS Manager & also verify the same using the Web Browser. IMP Note: You cannot sign in until users have been granted access to the website by adding authorization rules.
Step 2A: To verify the same in IIS Manager, open Server Manager –> IIS –> Right click on DPE-WS12-VM01 & click on Internet Information Services (IIS) Manager
Step 2B: You can also verify the same from Web Browser. Go to CLIENT machine i.e. DPE-WIN8-CLI01. Open Internet Explorer & open https://DPE-WS12-VM01/pswa As we are using Test Certificate you will see the warning. Click on Continue.
Note: In production environment you must configure security using valid SSL certificate signed from the certificate provider.
Step 2C: Once you click on Continue you will the following Windows PowerShell Web Access login page.
Note: For more information about supported browsers and devices, see Browser and client device support in this document.
Step 3: Configure Authorization Rule & Site Security. WE WILL PERFORM THE FOLLOWING USING POWERSHELL
Now, we need to allow certain users access to the Windows PowerShell Web Access.
Every Windows PowerShell session uses a session configuration; if one is not specified for a session, Windows PowerShell uses the default, built-in Windows PowerShell session configuration, called Microsoft.PowerShell. The default session configuration includes all cmdlets that are available on a computer. Administrators can restrict access to all computers by defining a session configuration with a restricted runspace (a limited range of cmdlets and tasks that their end users could perform). A user who is granted access to one computer with either full language access or only the Windows PowerShell remote management cmdlets can connect to other computers that are connected to the first computer. Defining a restricted runspace can prevent users from accessing other computers from their allowed Windows PowerShell runspace, and improves the security of your Windows PowerShell Web Access environment. The session configuration can be distributed (by using Group Policy) to all computers that administrators want to make accessible through Windows PowerShell Web Access. For more information about session configurations, see about_Session_Configurations. The following are some examples of this scenario.
In this example, An administrator has set up a private test environment, and wants to allow all authorized network users access to all computers on the network to which they typically have access, with access to all session configurations to which they typically have access. Because this is a private test environment, the administrator creates an authorization rule that is not secure. The administrator runs the cmdlet Add-PswaAuthorizationRule * * *, which uses the wildcard character * to represent all users, all computers, and all configurations.
Add-PswaAuthorizationRule * * *
This rule is the equivalent of the following: Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *
Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *
We will perform the above step in PowerShell on Domain Controller DPE-WS12-VM01
With the above PowerShell we have allowed all authorized network users access to all computers on the network with access to all session configuration to which they typically have access.
Let’s Try Now…
Step 3A: Go to CLIENT MACHINE DPE-WIN8-CLI01. Open Internet Explorer & open https://DPE-WS12-VM01/pswa & click on Continue (as specified we are using Test Certificate)
You can also check optional connection settings…
Step 3B: On the login screen enter your administrator credentials & specify destination computer. Click on Sign In.
Step 3C: You will see the following status Signing In…
Upon successful login you will PowerShell Window in the Web Browser.
You can start running cmdlets in the above box.
I hope you enjoyed this post. I am looking forward to hear from you. Enjoy.
"Microsoft account" is the new name for what used to be called a "Windows Live ID." Your Microsoft account is the combination of an email address and a password that you use to sign in to services like Hotmail, SkyDrive, Windows Phone, or Xbox LIVE. If you use an email address and password to sign in to these or other services, you already have a Microsoft account—but you can also sign up for a new one at any time.
Over time, all Microsoft services will be switching from the old name to the new one. You might continue to see mentions of "Windows Live ID" instead of "Microsoft account" for a while—for example, on xbox.com or windowsphone.com—but the names mean the same thing, and the services will be updated soon.
First I would like to take this opportunity to say THANK YOU very much to all the IT Professionals across the globe I worked with directly or indirectly for your continuous support. For Microsoft July marks a new year starting today.
I will be connecting with you all in a same way in this year too with lot of new content. This is the year of WINDOWS with the products like Windows 8, Windows Server 2012, Windows Azure & Windows Phone 8 coming up soon. I am looking forward to have another exciting & rocking year.
If you have any queries/feedback, as always you can write back to me on email@example.com
Regards, Aviraj Ajgekar Technical Evangelist
Microsoft DirectAccess Connectivity Assistant (DCA) 2.0 RC can be used by computers running Windows 7 when connecting to internal corporate networks with DirectAccess in Windows Server 2012 RC. It improves the DirectAccess connection experience, supports one-time password (OTP) authentication for DirectAccess users and helps organizations reduce the cost of supporting DirectAccess users.
DCA 2.0 RC provides the following functionality: • Provides DirectAccess users with connectivity information. Users can view their DirectAccess connectivity status at all times. • Provides diagnostics and troubleshooting features. DCA 2.0 RC provides tools to help users reconnect if problems arise, and create diagnostics to provide IT administrators with troubleshooting information. • Supports one-time password (OTP) authentication for DirectAccess users required to authenticate using OTP. Note: DCA 2.0 RC can be installed on Windows 7 computers that connect to the corporate network using DirectAccess running on a Windows Server 2012 RC computer. It can be installed on Windows 7 computers that do not have DCA installed, or on computers running DCA 1.0 or DCA 1.5. DCA 2.0 RC should not be installed on computers running Windows 8 Consumer Preview. It should also not be installed on Windows 7 computers that connect to the corporate network using DirectAccess running on a Windows Server 2008 R2 computer or on a Forefront UAG server. The download includes the following components: • A zip file (DirectAccess_Connectivity_Assistant_2_0_RC.zip) containing a collection of all the files in this download. • GPO templates (DirectAccess_Connectivity_Assistant_2_0_RC_GP.adml; DirectAccess_Connectivity_Assistant_2_0_RC_GP.admx) for configuring DCA settings on client computers. • Installation files (DirectAccess_Connectivity_Assistant_2_0_RC_x64.msi; DirectAccess_Connectivity_Assistant_2_0_RC_x86.msi) required to install the application on 64-bit or 32-bit client computers. • An administrators guide (DirectAccess_Connectivity_Assistant_2_0_RC_AdminGuide.docx) that describes how to configure the GPO templates, and install the application. • A zip file (DirectAccess_Connectivity_Assistant_2_0_RC_UserGuide.zip) containing an end-user help file that can be distributed to client computers running DirectAccess Connectivity Assistant (DCA) 2.0. The zip file contains the document in all languages supported by DCA 2.0 RC. Note that when you install DCA 2.0, the .msi file runs in English. After Setup, the DCA user interface appears on the end-user computer in the language specified by the operating system.
Updates to System Center 2012 for compatibility with Windows Server 2012 Release Candidate including support for Azure VM and capabilities for Hosted Service Providers
This Community Technology Preview (“CTP2”) enables System Center customers to jointly evaluate System Center 2012 and Windows Server 2012 Release Candidate. CTP2 includes updates and enhancements to the following System Center 2012 components:
DOWNLOAD HERE CTP2 of System Center 2012, SP1
Today in Toronto, Canada, at Microsoft’s annual Worldwide Partner Conference, Windows Chief Marketing Officer and Chief Financial Officer Tami Reller spoke to thousands of partners from around the world. She shared some exciting new details regarding Windows that I wanted to pass along.
For the first time, we provided details on Windows 8 availability. Tami confirmed that Windows 8 is on track to Release to Manufacturing (RTM) the first week of August. For enterprise customers with Software Assurance benefits, they will have full access to Windows 8 bits as early as August. Additionally, she noted that RTM is when we’ll be turning on the commerce platform so that developers can start earning money for their apps – we'll have more to share on the Windows Store for developers blog soon. Of course, right now with the Windows 8 Release Preview, all apps are still free for people to try.
Read here full post http://windowsteamblog.com/windows/b/bloggingwindows/archive/2012/07/09/upcoming-windows-milestones-shared-with-partners-at-wpc.aspx
Yesterday I blogged about the availability of System Center 2012 Service Pack 1 CTP2. http://blogs.technet.com/b/aviraj/archive/2012/07/06/microsoft-download-center-system-center-2012-service-pack-1-ctp2.aspx
Today, I am sharing the technical documentation around the same.
The downloadable files listed on this page contain the product documentation for the CTP2 release of System Center 2012 Service Pack 1. The available downloads include:
DOWNLOAD HERE TECHNICAL DOCUMENTATION for CTP2 OF SYSTEM CENTER 2012 SP1
If you are looking forward for the latest & the greatest content on Microsoft technologies like Windows Server 2012, Windows 8, Windows Phone, Windows Azure then you should start visit Channel 9 site for TechEd 2012 content like session recordings & slides.
You will lot of fresh content on Virtualization, Management, Private Cloud, Deployment and more if you are an IT Professionals. If you are a Developer then enjoy the great content on Windows 8 Development, Azure & Windows Phone development.
For details visit http://channel9.msdn.com/Events/TechEd
In January we shared some thoughts on our approach to developer events, including a commitment to come back with more on our plans for an event this coming fall. Well, here it is: our next developer conference will be this fall, and it's (again) called BUILD. It will be held on Microsoft's campus in Redmond, Washington, from October 30th until November 2nd. Yes, that's right ... it's the week after Windows 8 becomes generally available worldwide. And in addition to Windows 8, we will have lots of other stuff to talk about, too: Windows Azure, Windows Phone 8, Windows Server 2012, Visual Studio 2012, and much more.
Complete announcement at http://channel9.msdn.com/Blogs/Vector/Announcing-BUILD-2012
Just got to read this fantastic article..
For details visit http://windowsteamblog.com/windows/b/bloggingwindows/archive/2012/07/02/upgrade-to-windows-8-pro-for-39-99.aspx
Have a great day ahead.
Windows Server 2012 delivers a dramatically simplified licensing experience. Shaped by feedback from customers and partners, the new Windows Server licensing approach will help make choosing the right Windows Server easier while delivering the following benefits.
For more details visit http://www.microsoft.com/en-us/server-cloud/windows-server/2012-editions.aspx
Introducing Outlook.com - Modern Email for the Next Billion Mailboxes
Recently, we talked about how we've reimagined cloud services for Windows 8 and Windows Phone. And we described new apps for Windows 8, updates to SkyDrive, and how cloud services power the new Office Preview, We've also been hard at work on a mission to reimagine personal email - from the datacenter all the way to the user experience. Today, we're starting to deliver on that goal with a preview of the new Outlook.com - modern email designed for the next billion mailboxes.
Webmail was first introduced with HoTMaiL in 1996. Back then, it was novel to have a personal email address you could keep for life - one that was totally independent from your business or internet service provider. Eight years later, Google introduced Gmail, which included 1 GB of storage and inbox search. And while Gmail and other webmail services like Hotmail have added some features since then, not much has fundamentally changed in webmail over the last 8 years - though yesterday's frustrations about the small size of inboxes are now things of the past. At the same time, email is becoming less and less useful as inboxes become cluttered with newsletters and social updates, and people increasingly keep up their personal connections in social networks instead of their email address books. All of this has led many to hope for a better solution so you don't have to settle for today's webmail.
For details visit http://blogs.office.com/b/microsoft-outlook/archive/2012/07/31/introducing-outlook-com-modern-email-for-the-next-billion-mailboxes.aspx
Start here Outlook.com