Windows PowerShell Web Access
In the Windows Server Developer Preview (“Windows 8 Server”) released recently, a preview version of Windows PowerShell 3.0 is also included. In addition to the many news in the next version of PowerShell which I won`t cover in this article is a brand new feature named Windows PowerShell Web Access. As the name indicates this makes it possible to use Windows PowerShell using a browser from a computer, in addition to mobile devices.
Installation, configuration and user experience
Windows PowerShell Web Access is available as a feature in the new Server Manager:
After the feature is installed, some additional steps which is described in %systemroot%\Web\PowerShellWebAccess\wwwroot\README.txt is required:
To complete the installation of Windows PowerShell Web Access, please perform the
following tasks:1) Open a Windows PowerShell console with elevated user rights.
To do this, right click on PowerShell.exe, or a Windows PowerShell shortcut,
and then click “Run as administrator.”2) Be sure your Windows PowerShell environment is configured to run scripts.
For more information, see “Running Scripts from Within Windows PowerShell”
(http://technet.microsoft.com/en-us/library/ee176949.aspx).3) Run the following script:
${env:\windir}\Web\PowerShellWebAccess\wwwroot\setup.ps1
This is typically C:\Windows\Web\PowerShellWebAccess\wwwroot\setup.ps1
4) Create a server certificate.
For a test server, you can create a self-signed certificate by using the
Web Server (IIS) management console:(${env:\windir}\system32\inetsrv\InetMgr.exe)
From within the IIS management console, open the Web Servers parent node.
This is typically the node immediately under the Start Page node.In the results pane, select “Server Certificates” on the center pane, then
select “Create Self-Signed Certificate.”5) Create an SSL binding.
In the IIS management console, select “Default Web Site,” and then click
“Bindings” on the “Actions” menu. Click “Add,” select “https” on
the “Type” pull-down menu, and then in the “SSL certificate” list, select the
certificate that you created in step 4.For more information about how to create a server certificate and an SSL binding,
see “How to Set Up SSL on IIS 7”
(http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7).
The setup.ps1 script will create a new Web Application Pool and a new Web Application in Internet Information Services:
$ErrorActionPreference = ‘stop’
$wwwroot = “${env:\windir}\Web\PowerShellWebAccess\wwwroot”
if (!(Test-Path $wwwroot))
{
Write-Error “PowerShell Web Access has not been installed on this machine”
}
#
# Copy localized files to neutral location
#
foreach ($target in ($wwwroot,”$wwwroot\bin”))
{
foreach ($culture in (“en”,”en-us”,”qps-ploc”))
{
$source = “$target\$culture”
if (Test-Path $source)
{
copy “$source\*” $target
}
}
}
#
# Setup ASP.NET application
#
Import-Module WebAdministration
if (Get-WebApplication -name “pswa”)
{
Write-Error “The Windows PowerShell Web Access application (pswa) already exists on this machine”
}
New-WebAppPool “pswa”
New-WebApplication -Name “pswa” -Site “Default Web Site” -PhysicalPath $wwwroot -ApplicationPool “pswa”
If the script runs successfully, it returns the following output:
PS C:\> C:\Windows\Web\PowerShellWebAccess\wwwroot\setup.ps1
Name State Applications
—- —– ————
pswa Started
Path : /pswa
ApplicationPool : pswa
EnabledProtocols : http
PhysicalPath : C:\Windows\Web\PowerShellWebAccess\wwwroot
The final configuration step is to create and add a binding to a certificate as described in the link provided in the readme.txt file.
When done, you can access the feature by using the URL https://<servername>/pswa :
Specify credentials and a computer name to connect to, then hit the “Sign in” button. Another connection type available is “Connection URI”:
The options available under “Advanced Options”:
The available authentication types:
After signing in, you`ll be presented with a console looking like this:
The console host is called “ServerRemoteHost”:
Tab-completion works just like in the regular Windows PowerShell console host, and we also have access to the history by pressing the up and down arrows. To logoff, there is a Logoff-button in the bottom right corner.
The PowerShell Web Access also works perfectly fine on mobile devices. I`ve tried it on a Windows Phone 7 device, but unfortunately I don`t have any screen captures to share yet.
Congratulations to the Windows PowerShell team for providing this excellent new feature!
Note: Please be aware that this is a feature in a prerelease version of the next version of Windows Server, and thus the feature might be different in the final product.
Update 15.09.2011
Screen capture from PowerShell Web Access running on an Iphone:
Update 21.03.2012:
With the release of Windows Server 8 beta the configuration steps has changed. After installing the PowerShell Web Access feature you need to install a PSWA Web Application:
Install-PswaWebApplication
By default no authorization rules exist. Here is an example on how to create one that allows access to all computers (*) for the specified username/group:
Add-PswaAuthorizationRule -UserName domain\username -ComputerName * -ConfigurationName microsoft.powershell
Detailed instructions is available in the Deploy Windows PowerShell Web Access article on Microsoft TechNet.
26 Comments »
Leave a reply to Ferdinand Rios Cancel reply
About
Jan Egil Ring works as a Senior Consultant on the Infrastructure Team at Crayon, Norway.
He mainly works with Microsoft server-products, and has a strong passion for Windows PowerShell. In addition to being a consultant, he is a Microsoft Certified Trainer.
He has obtained several certifications such as MCITP: Enterprise Administrator and MCITP: Enterprise Messaging Administrator. For more details see his MCP Virtual Business Card.
In January 2011, he was awarded the Microsoft Most Valuable Professional Award for his contributions in the Windows PowerShell technical community.
His engagements as a speaker includes TechDays in Norway, as well as a Microsoft Office 365 bootcamp for Microsoft partners in Norway.
He is a co-founder of the Norwegian Microsoft Technology User Group (MTUG), which is an assosication of local MTUG user groups in Norway.
His intentions with this blog is to share experiences based on various projects and troubleshooting, as well as sharing different resource links to technologies he works with.
Google Reader – My Shared Items- An error has occurred; the feed is probably down. Try again later.
blog.powershell.no 
This is quite incredible. I’ve come to rely upon and develop short applications in Powershell (away from C#) because I can do most of the same things and more quickly. Having this available via browser (and I presume “any” browser) will be an incredible leap forward.
Hello JAn
Great post !
However I tried to activate this on my Win 8 server preview VPC and it doesn’t work (yet ! 🙂 …
I am now blocked on the login window (everything before went well : PS script and IIS config were OK)…
Do you use standard options (username, pwd and Computer name) only to connect or some choice of advanced options ?
Thanks in advance & Regards,
Patrick [SharePoint MVP]
Thanks!
I logged on using standard options. Is PowerShell Remoting enabled on the computer you`re trying to connect to? If yes, what is the error message?
[…] 4) Добавилась новая роль WindowsPowerShellWebAccess, теперь позволяет работать с PowerShell, через с помощью броузера , подробнее про установку роли – http://blog.powershell.no/2011/09/14/windows-powershell-web-access/ […]
Pingback by Новинки PowerShell V3 часть 4 « Kazun | September 19, 2011 |
[…] Pour plus de détails, voir ce site : http://blog.powershell.no/2011/09/14/windows-powershell-web-access/ […]
Pingback by [Windows 8 Server] Premières impressions (2/2)… , Le blog de Patrick [MVP SharePoint] | September 20, 2011 |
Hello,
Yes PS Remoting has been activated. The error message is “cannot establish a connection to the target computer”;
anyone resovled this issue?
I had no time to test it again however I think that during the test my AD was not confiugred completely (dcpromo was not passed) and that should certainly have been the cause of the issue.
Using powershell on the browser is really nice, it’s the point of access towards developer tools hosted in the cloud 🙂
If you’d like to learn about how to get Powershell V3 CTP outside the Windows 8 preview and some new cool stuff, fell free to visit this post: https://rambletech.wordpress.com/2011/09/21/windows-powershell-v3-includes-command-like-wgetcurl/
[…] a much-enhanced array of PowerShell cmdlets and the ability to log onto servers via the web with PowerShell Web Access brought a number of thoughts to mind (read my WindowsITPro.com blog for more on this […]
Pingback by Windows Server 8, Exchange, and Digital Command Language | Thoughtsofanidlemind's Blog | September 22, 2011 |
I can’t seem to do remoting from the web console. If I do an icm to another computer, I get “Connecting to remote server failed.” But it works fine if I log into the server and use the regular posh console. Is remoting disabled through pswa?
Hello there. PSWA runs on top of a PowerShell Remoting connection so if you try to establish another remoting connection (in this case via icm) you’d be doing a “second-hop”. Try providing your credentials to icm: “icm –credential $(get-credential) …”.
[…] PowerShell Web Access in the next version of Windows Server, which I`ve previously written an article […]
Pingback by What`s New in Windows PowerShell 3.0 « blog.powershell.no | September 25, 2011 |
[…] and run Unlock-ADAccount <username>. Screenshots and installation guidance is available in this blog […]
Pingback by PowerShell Magazine » An overview of Windows PowerShell features in Windows Server 8 Developer Preview | October 3, 2011 |
[…] Windows PowerShell Web Access […]
Pingback by Episode 162 – Mike Pfeiffer from Interface Technical Training « PowerScripting Podcast | October 18, 2011 |
[…] http://blog.powershell.no/2011/09/14/windows-powershell-web-access/ […]
Pingback by PowerShell Web Access » RO Windows Administrators Weblog | November 18, 2011 |
[…] todos ser chamando este “PWA” nos próximos meses.Você pode ver algumas grandes exemplos de como funciona esse recurso no blog do MVP Jan Egil […]
Pingback by Windows PowerShell: Conheça o novo Shell | January 4, 2012 |
[…] nós vamos todos ser chamando este “PWA” nos próximos meses.Você pode ver algumas grandes exemplos de como funciona esse recurso no blog do MVP Jan Egil […]
Pingback by Windows PowerShell: Conheça o novo Shell « Marcelo Nogueira | January 4, 2012 |
I have tried adding the CPT2 to Windows 2008 Server R2. It installs fine, but I can’t find any of the Web Access scripts so I am kind of stuck. Any help would be appreciated.
Hi Ferdinand,
The Web Access feature is part of “Windows Server 8”, it won`t be available for downlevel OS`es.
Hi Jan Egil Ring,
I am Sachin. Currently I am developing one web application in c# and asp.net to call powershell command on any machine in the world. It has textboxes to take IP, domain name, and admin credentials. Below that there is one text box to type the command and another to display the result. But I am unable to connect to powershell of other machine through my application. It is giving error:
Error : Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.Command Sucessful .
I am attaching my code here, if anything wrong please guide me.
protected void Button1_Click(object sender, EventArgs e)
{
System.Security.SecureString password = new System.Security.SecureString();
string pwd = “password”;
foreach (char c in pwd)
{
password.AppendChar(c);
}
PSCredential cred = new PSCredential(“domain\\administrator”, password);
Runspace runspace;
WSManConnectionInfo connectionInfo;
Collection results;
PowerShell powershell;
PSCommand command;
StringBuilder sb=new StringBuilder();
try
{
connectionInfo = new WSManConnectionInfo(new Uri(“http://IpAddress/powershell?serializationLevel=Full”), “http://schemas.microsoft.com/powershell/Microsoft.PowerShell”, cred);
runspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace(connectionInfo);
}
catch (Exception exe)
{
Response.Write(“Error in connection: “+exe.Message);
return;
}
powershell = PowerShell.Create();
command = new PSCommand();
command.AddCommand(TextBox1.Text);
try
{
runspace.Open();
powershell.Runspace = runspace;
powershell.Commands = command;
results = powershell.Invoke();
foreach (PSObject result in results)
{
TextBox2.Text = result.ToString();
}
}
catch (Exception e1)
{
Response.Write(“Error : ” + e1.Message);
}
Response.Write(“Command Sucessful”);
}
[…] PowerShell Web Access in the next version of Windows Server, which I`ve previously written an article […]
Pingback by What`s New in Windows PowerShell 3.0 | Engin ÇAPAT | March 14, 2012 |
I have everything working up to the Web Access login screen. I get “An authorization failure occurred. Verify that you are authorized to connect to the destination computer, and that you have entered your credentials correctly.”
My test server is running in a workgroup (not a domain). When I enumerate the PowerShell listeners, I only get a listener on port 5985 for HTTP. When i try to create a listener for 5986 (HTTPS) I get a message that “Cannot create a WinRM listener because the machine does not have an appropriate certificate.” It goes on to say that the cert cannot be self signed. Any ideas?
Did you add an authorization rule?
By default no authorization rules exist, here is an example on how to create one that allows access to all computers (*) for the specified username/group:
Add-PswaAuthorizationRule -UserName username -ComputerName * -ConfigurationName microsoft.powershell
Detailed instructions is available in the Deploy Windows PowerShell Web Access article on Microsoft TechNet.
In regards to the certificate I`m not sure, but it seems like you need a certificate from an internal PKI or a public CA to make it work.
Thanks for that info. The rule got me past the login issue. I now get “The PowerShell Web Access gateway cannot establish a connection to the destination computer, contact your system administrator.” as an error. i wonder if that is related to the cert. Any ideas?
I would start by trying PowerShell remoting from the PowerShell console on the PSWA server against the computer you`re trying to access through PSWA. If that also fails we can eliminate a problem with PSWA.