Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
Last night after delivering an IT Camp for a partner organization, I went out with some friends and we were discussing remote management capabilities of Windows Server 2012 R2. ( I know, I'm loose downtown Montreal, and we are talking about remote management…. I’m a geek… what can I say? )
Anyway, It got me thinking about not having to RDP in a remote server in order to use PowerShell to manage my environment. Because, really, that’s the way I've been doing it. it’s easy, it works… Why fix what is not broken? Well just for kicks I setup a PowerShell Web Access Gateway in my environment. Actually I put it in the Azure public Facing Subnet I setup a few weeks ago.
I did add two endpoints to my VM in Azure to allow access to HTTP and HTTPS. (port 80 and 443)
Windows PowerShell Web Access acts as a gateway that provides a web-based Windows PowerShell console that is targeted at a remote computer. It enables IT Pros to run Windows PowerShell commands and scripts from a Windows PowerShell console in a web browser, with no Windows PowerShell, remote management software, or browser plug-in installation necessary on the client device.
Active Directory Domain Services domain controller (DC)
A server running Windows Server 2012 R2 for the gateway
a client to connect from… in my case a Windows 8.1 enterprise machine
Using Server Manager and the Add Roles and Services, I installed the Windows PowerShell Web Access features and accepted the additional features that the wizard mentioned.
Configure PowerShell Web Access Gateway using the following PowerShell Cmdlet.
The UseTestCertificate parameter should only be used in a private test environment. For a secure production environment, I recommend using a valid certificate that has been signed by a CA.
Running the cmdlet installs the Windows PowerShell Web Access web application within the IIS Default Web Site container. The cmdlet creates the infrastructure required to run Windows PowerShell Web Access on the default website, https://<server_name>/pswa. To install the web application in a different website, provide the website name by adding the WebSiteName parameter. To change the name of the web application (the default is pswa), add the WebApplicationName parameter.
After Windows PowerShell Web Access is installed and the gateway is configured, users can open the sign-in page in a browser, but they cannot sign in until the Windows PowerShell Web Access administrator grants users access explicitly. Windows PowerShell Web Access access control is managed by using the set of Windows PowerShell cmdlets described in the following table. There is no comparable GUI for adding or managing authorization rules.
Adds a new authorization rule to the Windows PowerShell Web Access authorization rule set.
Removes a specified authorization rule from Windows PowerShell Web Access.
Returns a set of Windows PowerShell Web Access authorization rules. When it is used without parameters, the cmdlet returns all rules.
Evaluates authorization rules to determine if a specific user, computer, or session configuration access request is authorized. By default, if no parameters are added, the cmdlet evaluates all authorization rules. By adding parameters, administrators can specify an authorization rule or a subset of rules to test.
For this lab we will use a wide open authorization rule. but I do recommend you lock that stuff down in production. Better safe than sorry. To add a restrictive authorization rule that would allow any users access to any computer we’ll use the following command.
Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *
Now that it’s all configured, I can access the gateway from any machine on the internet. However since we used a self signed certificate we will get the following error when connecting to the site.
Just select Continue to this website. and the page will open asking you for your credentials, and connection information to open the PowerShell gateway to that box.
Once the information is entered you’ll be connected through to browser to a PowerShell session on the target computer you defined.
There you go. Another way of setting up remote management. You can even manage your environment using commodity tablets. That’s BYOD.
Pierre Roman | Technology Evangelist Twitter | Facebook | LinkedIn
Very good sample. Thanks for sharing