Windows PowerShell Web Access

In the Windows Server Developer Preview (“Windows 8 Server”) released recently, a preview version of Windows PowerShell 3.0 is also included. In addition to the many news in the next version of PowerShell which I won`t cover in this article is a brand new feature named Windows PowerShell Web Access. As the name indicates this makes it possible to use Windows PowerShell using a browser from a computer, in addition to mobile devices.

Installation, configuration and user experience

Windows PowerShell Web Access is available as a feature in the new Server Manager:

image

After the feature is installed, some additional steps which is described in %systemroot%WebPowerShellWebAccesswwwrootREADME.txt is required:

To complete the installation of Windows PowerShell Web Access, please perform the
following tasks:

1) Open a Windows PowerShell console with elevated user rights.

To do this, right click on PowerShell.exe, or a Windows PowerShell shortcut,
and then click “Run as administrator.”

2) Be sure your Windows PowerShell environment is configured to run scripts.

For more information, see “Running Scripts from Within Windows PowerShell”
(http://technet.microsoft.com/en-us/library/ee176949.aspx).

3) Run the following script:

${env:windir}WebPowerShellWebAccesswwwrootsetup.ps1

This is typically C:WindowsWebPowerShellWebAccesswwwrootsetup.ps1

4) Create a server certificate.

For a test server, you can create a self-signed certificate by using the
Web Server (IIS) management console:

(${env:windir}system32inetsrvInetMgr.exe)

From within the IIS management console, open the Web Servers parent node.
This is typically the node immediately under the Start Page node.

In the results pane, select “Server Certificates” on the center pane, then
select “Create Self-Signed Certificate.”

5) Create an SSL binding.

In the IIS management console, select “Default Web Site,” and then click
“Bindings” on the “Actions” menu. Click “Add,” select “https” on
the “Type” pull-down menu, and then in the “SSL certificate” list, select the
certificate that you created in step 4.

For more information about how to create a server certificate and an SSL binding,
see “How to Set Up SSL on IIS 7″
(http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7).

The setup.ps1 script will create a new Web Application Pool and a new Web Application in Internet Information Services:

$ErrorActionPreference = ‘stop’

$wwwroot = “${env:windir}WebPowerShellWebAccesswwwroot”

if (!(Test-Path $wwwroot))
{
Write-Error “PowerShell Web Access has not been installed on this machine”
}

#
# Copy localized files to neutral location
#
foreach ($target in ($wwwroot,”$wwwrootbin”))
{
foreach ($culture in (“en”,”en-us”,”qps-ploc”))
{
$source = “$target$culture”

        if (Test-Path $source)
{
copy “$source*” $target
}
}
}

#
# Setup ASP.NET application
#
Import-Module WebAdministration

if (Get-WebApplication -name “pswa”)
{
Write-Error “The Windows PowerShell Web Access application (pswa) already exists on this machine”
}

New-WebAppPool “pswa”

New-WebApplication -Name “pswa” -Site “Default Web Site” -PhysicalPath $wwwroot -ApplicationPool “pswa”

If the script runs successfully, it returns the following output:

PS C:> C:WindowsWebPowerShellWebAccesswwwrootsetup.ps1

Name                     State        Applications

—-                     —–        ————

pswa                     Started

Path             : /pswa

ApplicationPool  : pswa

EnabledProtocols : http

PhysicalPath     : C:WindowsWebPowerShellWebAccesswwwroot

The final configuration step is to create and add a binding to a certificate as described in the link provided in the readme.txt file.

When done, you can access the feature by using the URL https://<servername>/pswa :

image

Specify credentials and a computer name to connect to, then hit the “Sign in” button. Another connection type available is “Connection URI”:

image

The options available under “Advanced Options”:

image

The available authentication types:

image

After signing in, you`ll be presented with a console looking like this:

image

The console host is called “ServerRemoteHost”:

image

Tab-completion works just like in the regular Windows PowerShell console host, and we also have access to the history by pressing the up and down arrows. To logoff, there is a Logoff-button in the bottom right corner.

The PowerShell Web Access also works perfectly fine on mobile devices. I`ve tried it on a Windows Phone 7 device, but unfortunately I don`t have any screen captures to share yet.

Congratulations to the Windows PowerShell team for providing this excellent new feature!

Note: Please be aware that this is a feature in a prerelease version of the next version of Windows Server, and thus the feature might be different in the final product.

Update 15.09.2011

Screen capture from PowerShell Web Access running on an Iphone:

 

 

 

 

 

 

 

 

 
Update 21.03.2012:
With the release of Windows Server 8 beta the configuration steps has changed. After installing the PowerShell Web Access feature you need to install a PSWA Web Application:

Install-PswaWebApplication

By default no authorization rules exist. Here is an example on how to create one that allows access to all computers (*) for the specified username/group:

Add-PswaAuthorizationRule -UserName domainusername -ComputerName * -ConfigurationName microsoft.powershell

Detailed instructions is available in the Deploy Windows PowerShell Web Access article on Microsoft TechNet.

30 thoughts on “Windows PowerShell Web Access

  1. This is quite incredible. I’ve come to rely upon and develop short applications in Powershell (away from C#) because I can do most of the same things and more quickly. Having this available via browser (and I presume “any” browser) will be an incredible leap forward.

  2. Hello JAn
    Great post !
    However I tried to activate this on my Win 8 server preview VPC and it doesn’t work (yet ! :-)

    I am now blocked on the login window (everything before went well : PS script and IIS config were OK)…

    Do you use standard options (username, pwd and Computer name) only to connect or some choice of advanced options ?

    Thanks in advance & Regards,
    Patrick [SharePoint MVP]

  3. Pingback: Новинки PowerShell V3 часть 4 « Kazun

  4. Pingback: [Windows 8 Server] Premières impressions (2/2)… , Le blog de Patrick [MVP SharePoint]

  5. Pingback: Windows Server 8, Exchange, and Digital Command Language | Thoughtsofanidlemind's Blog

  6. I can’t seem to do remoting from the web console. If I do an icm to another computer, I get “Connecting to remote server failed.” But it works fine if I log into the server and use the regular posh console. Is remoting disabled through pswa?

    • Hello there. PSWA runs on top of a PowerShell Remoting connection so if you try to establish another remoting connection (in this case via icm) you’d be doing a “second-hop”. Try providing your credentials to icm: “icm –credential $(get-credential) …”.

  7. Pingback: What`s New in Windows PowerShell 3.0 « blog.powershell.no

  8. Pingback: PowerShell Magazine » An overview of Windows PowerShell features in Windows Server 8 Developer Preview

  9. Pingback: Episode 162 – Mike Pfeiffer from Interface Technical Training « PowerScripting Podcast

  10. Pingback: PowerShell Web Access » RO Windows Administrators Weblog

  11. Pingback: Windows PowerShell: Conheça o novo Shell

  12. Pingback: Windows PowerShell: Conheça o novo Shell « Marcelo Nogueira

  13. Hi Jan Egil Ring,
    I am Sachin. Currently I am developing one web application in c# and asp.net to call powershell command on any machine in the world. It has textboxes to take IP, domain name, and admin credentials. Below that there is one text box to type the command and another to display the result. But I am unable to connect to powershell of other machine through my application. It is giving error:

    Error : Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.Command Sucessful .

    I am attaching my code here, if anything wrong please guide me.

    protected void Button1_Click(object sender, EventArgs e)
    {
    System.Security.SecureString password = new System.Security.SecureString();
    string pwd = “password”;

    foreach (char c in pwd)
    {
    password.AppendChar(c);
    }

    PSCredential cred = new PSCredential(“domain\administrator”, password);
    Runspace runspace;
    WSManConnectionInfo connectionInfo;
    Collection results;
    PowerShell powershell;
    PSCommand command;
    StringBuilder sb=new StringBuilder();
    try
    {
    connectionInfo = new WSManConnectionInfo(new Uri(“http://IpAddress/powershell?serializationLevel=Full”), “http://schemas.microsoft.com/powershell/Microsoft.PowerShell”, cred);
    runspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace(connectionInfo);
    }
    catch (Exception exe)
    {
    Response.Write(“Error in connection: “+exe.Message);
    return;
    }

    powershell = PowerShell.Create();
    command = new PSCommand();
    command.AddCommand(TextBox1.Text);
    try
    {
    runspace.Open();
    powershell.Runspace = runspace;
    powershell.Commands = command;
    results = powershell.Invoke();
    foreach (PSObject result in results)
    {
    TextBox2.Text = result.ToString();
    }
    }
    catch (Exception e1)
    {
    Response.Write(“Error : ” + e1.Message);
    }
    Response.Write(“Command Sucessful”);
    }

  14. Pingback: What`s New in Windows PowerShell 3.0 | Engin ÇAPAT

  15. I have everything working up to the Web Access login screen. I get “An authorization failure occurred. Verify that you are authorized to connect to the destination computer, and that you have entered your credentials correctly.”

    My test server is running in a workgroup (not a domain). When I enumerate the PowerShell listeners, I only get a listener on port 5985 for HTTP. When i try to create a listener for 5986 (HTTPS) I get a message that “Cannot create a WinRM listener because the machine does not have an appropriate certificate.” It goes on to say that the cert cannot be self signed. Any ideas?

    • Did you add an authorization rule?

      By default no authorization rules exist, here is an example on how to create one that allows access to all computers (*) for the specified username/group:

      Add-PswaAuthorizationRule -UserName username -ComputerName * -ConfigurationName microsoft.powershell

      Detailed instructions is available in the Deploy Windows PowerShell Web Access article on Microsoft TechNet.

      In regards to the certificate I`m not sure, but it seems like you need a certificate from an internal PKI or a public CA to make it work.

      • Thanks for that info. The rule got me past the login issue. I now get “The PowerShell Web Access gateway cannot establish a connection to the destination computer, contact your system administrator.” as an error. i wonder if that is related to the cert. Any ideas?

      • I would start by trying PowerShell remoting from the PowerShell console on the PSWA server against the computer you`re trying to access through PSWA. If that also fails we can eliminate a problem with PSWA.

  16. Pingback: Powershell Web access in Windows Server 2012 « The PowerShell of Windows

  17. Is it possible to use it to manage Exchange Server 2010.
    I conifgured powershel web acces and i am able to login to my Exchange Server.
    If i try some Exchange command after importing Exchange Snapin i get following error message
    Value cannot be null.
    Parameter name: serverSettings
    + CategoryInfo : NotSpecified: (:) [Get-Mailbox], ArgumentNullException
    + FullyQualifiedErrorId : System.ArgumentNullException,Microsoft.Exchange.Management.RecipientTasks.GetMailbox

    Does someone know why?

  18. Pingback: Top 5 New Lync 2013 PowerShell Functionality | Inside Lync