Pluralsight blog Where devs, IT admins & creative pros go for news, tips, videos and more.
3,500+ tech & creative courses authored by experts - unlimited & online Get it now →
February 6, 2013

How to Configure PowerShell Web Access (PSWA) in Windows Server 2012

By powershellbig

Windows Server 2012 has hundreds of new features and improvements that greatly enhance the day-to-day administrative experience, especially when it comes to Server Manager and PowerShell. Both have undergone a massive makeover in order to handle today’s huge and complex datacenter environments that are highly virtualized, multi-site, heterogeneous or even multi-tenant.

Server Manager in Windows Server 2012 now supports deployment of roles and features on remote servers from within the single Add Roles and Features wizard. And not just remote servers but also offline virtual hard disks! This is particularly helpful when you want to bring up a whole bunch of servers online from a base VHD with a particular role (like IIS or File Server) pre-installed. The new dashboard gives you an insightful overview of which servers are doing well and which ones need your attention. To put it shortly, comparing the old Server Manager to the new one is like comparing Ugly Betty to Megan Fox.

PowerShell 3.0 also has a whole list of new capabilities and support for a wide range of cmdlets. More than 2,300 cover about 85 different modules, to be specific. We’ll get into the details of that in another blog post, but for now, here’s my favorite part: PowerShell Web Access. Until today, you either had to be on a server or use a client with RSAT to do configuration tasks on a target server. But with PowerShell Web Access, you can do almost any task on any remote server from any device that has a standard web browser (that supports HTTPS, JavaScript and cookies). This means you can now be sitting in your company lunchroom eating a pizza and use your smartphone (Android, iOS, Windows, etc.) or even a tablet to do stuff in your datacenter. That is pretty cool, isn’t it?

In this post I’ll show you how to setup a PowerShell Web Access infrastructure in a test environment. We’ll do that in three parts:

Part I: Installing Windows PowerShell Web Access

    1. Log into your Windows Server 2012 test machine and click on Server Manager in the taskbar.
    2. Click on Add roles and features.
    3. Leave the defaults and click on the Next > button four times to come to the Select features page.
    4. Select the checkbox for Windows PowerShell Web Access and click on Add Features if prompted to in the pop up window.

    5. Leave the defaults and click on the Next > button three times to come to the Confirmation page.
    6. Click Install and wait for the installation to complete.
    7. Click on Close once the installation completes successfully.

      Part II: Configuring the gateway to use a test SSL certificate

      Click on Windows PowerShell in the taskbar to open the Windows PowerShell window. Then type:

      Install-PswaWebApplication –UseTestCertificate

      This will create an application pool for PSWA in IIS, create the PSWA web application, create a self-signed certificate and create an HTTPS binding between the test certificate and the PSWA application.

      Part III: Configuring authorization rules and site security

      Open PowerShell if not open already and type:

      Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *

      Or, in short Add-PswaAuthorizationRule * * *

      This will create an authorization rule which will allow all authorized users to connect to a remote PowerShell session on any server and all configurations.

      This is what the screen will look like when you’re done with Part II and Part III successfully:

      Next, open your browser and navigate to the URL https://<servernameORFQDN>/pswa pointing to the server you installed the PSWA application on. Ignore the warning of the certificate problem and continue.

      Sign in using your credentials and specify the name of the server of the remote PowerShell session you wish to connect.

      Once successfully signed in, this is what the screen should look like:

      Note: This setup uses a self-signed certificate and a blank authorization rule, which is not recommended in production. For a PowerShell Web Access deployment in production, refer this documentation.

      The reason why this feature is really important is that it extends the platform manageability of the server for the Administrator to not just Microsoft platforms but also non-Microsoft platforms. It enables the use of smartphones and tablets for administrative purposes, keeping in sync with the current trend of working more and more on portable devices.

      Need to boost your PowerShell skills or learn more about Server 2012? See TrainSignal’s PowerShell v3 New Features and Windows Server 2012 training.

      About the Author

      is a Microsoft Certified Technology Specialist (x3) and a Windows Server Freak! He mainly works on Microsoft's IT Infrastructure technologies like Windows Server, Windows Client, Exchange, System Center suite, Forefront suite, Virtualization, SharePoint, etc. and a little bit of networking. He currently works at Technofocus Solutions, a company that architects, tests, implements and trains on IT requirements of various clients ranging from SMBs to large enterprises.


      Discussion