How to Configure PowerShell Web Access (PSWA) in Windows Server 2012
Windows Server 2012 has hundreds of new features and improvements that greatly enhance the day-to-day administrative experience, especially when it comes to Server Manager and PowerShell. Both have undergone a massive makeover in order to handle today’s huge and complex datacenter environments that are highly virtualized, multi-site, heterogeneous or even multi-tenant.
Server Manager in Windows Server 2012 now supports deployment of roles and features on remote servers from within the single Add Roles and Features wizard. And not just remote servers but also offline virtual hard disks! This is particularly helpful when you want to bring up a whole bunch of servers online from a base VHD with a particular role (like IIS or File Server) pre-installed. The new dashboard gives you an insightful overview of which servers are doing well and which ones need your attention. To put it shortly, comparing the old Server Manager to the new one is like comparing Ugly Betty to Megan Fox.
In this post I’ll show you how to setup a PowerShell Web Access infrastructure in a test environment. We’ll do that in three parts:
1. Log into your Windows Server 2012 test machine and click on Server Manager in the taskbar.
2. Click on Add roles and features.
3. Leave the defaults and click on the Next > button four times to come to the Select features page.
4. Select the checkbox for Windows PowerShell Web Access and click on Add Features if prompted to in the pop up window.
5. Leave the defaults and click on the Next > button three times to come to the Confirmation page.
6. Click Install and wait for the installation to complete.
7. Click on Close once the installation completes successfully.
Click on Windows PowerShell in the taskbar to open the Windows PowerShell window. Then type:
This will create an application pool for PSWA in IIS, create the PSWA web application, create a self-signed certificate and create an HTTPS binding between the test certificate and the PSWA application.
Part III: Configuring authorization rules and site security
Open PowerShell if not open already and type:
Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *
Or, in short Add-PswaAuthorizationRule * * *
This will create an authorization rule which will allow all authorized users to connect to a remote PowerShell session on any server and all configurations.
This is what the screen will look like when you’re done with Part II and Part III successfully:
Next, open your browser and navigate to the URL https://<servernameORFQDN>/pswa pointing to the server you installed the PSWA application on. Ignore the warning of the certificate problem and continue.
Sign in using your credentials and specify the name of the server of the remote PowerShell session you wish to connect.
Once successfully signed in, this is what the screen should look like:
Note: This setup uses a self-signed certificate and a blank authorization rule, which is not recommended in production. For a PowerShell Web Access deployment in production, refer this documentation.
The reason why this feature is really important is that it extends the platform manageability of the server for the Administrator to not just Microsoft platforms but also non-Microsoft platforms. It enables the use of smartphones and tablets for administrative purposes, keeping in sync with the current trend of working more and more on portable devices.