Pluralsight blog Where devs, IT admins & creative pros go for news, tips, videos and more.
Supercharge your skills with expert-authored tech & creative training. Unlimited. Online. Get it now →
February 6, 2013

How to Configure PowerShell Web Access (PSWA) in Windows Server 2012

By powershellbig

Windows Server 2012 has hundreds of new features and improvements that greatly enhance the day-to-day administrative experience, especially when it comes to Server Manager and PowerShell. Both have undergone a massive makeover in order to handle today’s huge and complex datacenter environments that are highly virtualized, multi-site, heterogeneous or even multi-tenant.

Server Manager in Windows Server 2012 now supports deployment of roles and features on remote servers from within the single Add Roles and Features wizard. And not just remote servers but also offline virtual hard disks! This is particularly helpful when you want to bring up a whole bunch of servers online from a base VHD with a particular role (like IIS or File Server) pre-installed. The new dashboard gives you an insightful overview of which servers are doing well and which ones need your attention. To put it shortly, comparing the old Server Manager to the new one is like comparing Ugly Betty to Megan Fox.

PowerShell 3.0 also has a whole list of new capabilities and support for a wide range of cmdlets. More than 2,300 cover about 85 different modules, to be specific. We’ll get into the details of that in another blog post, but for now, here’s my favorite part: PowerShell Web Access. Until today, you either had to be on a server or use a client with RSAT to do configuration tasks on a target server. But with PowerShell Web Access, you can do almost any task on any remote server from any device that has a standard web browser (that supports HTTPS, JavaScript and cookies). This means you can now be sitting in your company lunchroom eating a pizza and use your smartphone (Android, iOS, Windows, etc.) or even a tablet to do stuff in your datacenter. That is pretty cool, isn’t it?

In this post I’ll show you how to setup a PowerShell Web Access infrastructure in a test environment. We’ll do that in three parts:

Part I: Installing Windows PowerShell Web Access

    1. Log into your Windows Server 2012 test machine and click on Server Manager in the taskbar.
    2. Click on Add roles and features.
    3. Leave the defaults and click on the Next > button four times to come to the Select features page.
    4. Select the checkbox for Windows PowerShell Web Access and click on Add Features if prompted to in the pop up window.

    5. Leave the defaults and click on the Next > button three times to come to the Confirmation page.
    6. Click Install and wait for the installation to complete.
    7. Click on Close once the installation completes successfully.

      Part II: Configuring the gateway to use a test SSL certificate

      Click on Windows PowerShell in the taskbar to open the Windows PowerShell window. Then type:

      Install-PswaWebApplication –UseTestCertificate

      This will create an application pool for PSWA in IIS, create the PSWA web application, create a self-signed certificate and create an HTTPS binding between the test certificate and the PSWA application.

      Part III: Configuring authorization rules and site security

      Open PowerShell if not open already and type:

      Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *

      Or, in short Add-PswaAuthorizationRule * * *

      This will create an authorization rule which will allow all authorized users to connect to a remote PowerShell session on any server and all configurations.

      This is what the screen will look like when you’re done with Part II and Part III successfully:

      Next, open your browser and navigate to the URL https://<servernameORFQDN>/pswa pointing to the server you installed the PSWA application on. Ignore the warning of the certificate problem and continue.

      Sign in using your credentials and specify the name of the server of the remote PowerShell session you wish to connect.

      Once successfully signed in, this is what the screen should look like:

      Note: This setup uses a self-signed certificate and a blank authorization rule, which is not recommended in production. For a PowerShell Web Access deployment in production, refer this documentation.

      The reason why this feature is really important is that it extends the platform manageability of the server for the Administrator to not just Microsoft platforms but also non-Microsoft platforms. It enables the use of smartphones and tablets for administrative purposes, keeping in sync with the current trend of working more and more on portable devices.

      Need to boost your PowerShell skills or learn more about Server 2012? See TrainSignal’s PowerShell v3 New Features and Windows Server 2012 training.

      About the Author

      is a Microsoft and VMware certified IT Pro specializing in Core Infrastructure solutions like Windows Server, Active Directory, Exchange, SharePoint, Office 365, Azure, and System Center products. He has trained about half a dozen SI partner companies in India on Server 2012 and Private Cloud solutions covering over two thousand people. When he is not doing his geeky thing, he likes to hang out with friends to play a game of snooker or bowling. He also loves watching all types of movies, going out on long drives on the highway, listening to soothing music, and playing pranks on people.