Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

PowerShell Web Access eliminates location restrictions

IT professionals no longer need to be glued to their laptop to manage their virtual environments. PowerShell Web Access allows professionals to handle anything from a phone or a tablet.

Managing your virtualization environment while away from the office, or on vacation, can be made simple regardless of your virtualization platform. From any device -- not just your laptop -- you can still have complete control.

Like most IT pros, I'm sure you already have access to your network when away on vacation or just home for the weekend. Sometimes it seems professionals are always on-call to support some sudden serious problem or event. Access methods vary depending on the company and arrangements setup in the network. Most IT pros use a VPN to securely connect to the network and launch their graphical management applications. If you have advanced the management of your virtualization environment to include automation with PowerShell, then you have a new remote management tool you can add to your toolbox absolutely free.

Why you want to add this tool

Regardless of the virtualization vendor -- VMware, Microsoft or Citrix -- the wealth of real-time management and automation support using PowerShell is vast. If you're using PowerShell at the office, why not take it with you wherever you go?

The challenge of troubleshooting a problem, running reports or kicking off automation while away from the office revolves around the management source -- your laptop. I know you don't carry it with you everywhere you go, and certainly those times when on vacation, the beach is the last place to have a laptop. Even if you have one, connectivity back to the office is another challenge as you look for the nearest hotspot.

Instead of your laptop, consider managing from any device, like your phone or tablet. The only application you need is a Web browser -- any vendor's Web browser on any device will work -- along with connectivity using wireless or cell service.

Using PowerShell Web Access (PWA) to manage Active Directory using Safari on an Apple MacBook.

What is this miracle tool?

Windows PowerShell Web Access (PWA) is a secure, lightweight website running on a Web server located in your network. It acts as a Windows PowerShell gateway connected to a remote computer in your environment, providing a PowerShell console-like screen in your browser so you can run cmdlets or scripts to manage your virtualization environment.

No additional management software or browser plug-ins are needed on the client, giving you the flexibility to use everything from a laptop to your phone to perform management tasks.

Imagine being able to perform troubleshooting and management tasks, such as launching VMs, moving VMs and performing routine maintenance from your phone.

It's easy to set up and configure. Plus, you already own it if you have Windows Server 2012 or 2012 R2.

Try before you buy

I've set this up for a lot of customers, but before you dig into the details and install a new Web server on your network, give it a try first in a lab environment to test out the functionality. This will give you a chance to become familiar with the components and security. So grab a Windows Server 2012 or 2012 R2 VM and let's install and configure Windows PowerShell Web Access.

Windows PowerShell Web Access is a Windows feature that can be installed using the graphical Server Manager or PowerShell. You can discover all the PowerShell features of Windows Server 2012 R2 by typing the following at a PowerShell prompt:

PS C:\> Get-WindowsFeature *PowerShell*

To install the feature, use the Install-WindowsFeature cmdlet and type the name of the feature. You can also accomplish this over PowerShell Remoting if the server is located in a distant data center or a cloud-based VM, like Azure.

PS C:\> Install-WindowsFeature WindowsPowerShellWebAccess

When PWA installs, it includes a module of six cmdlets to configure the Web application and security. It's pretty easy to figure it out at this point, but let's step through it and look at some of the options.

To get a list of the PWA cmdlets, use Get-Help to discover them:

PS C:\> Get-Help *PSWA*

The first task is to install the PWA application. By default, this cmdlet will install the Web application as an additional path of the default website. In other words, the local URL will be something like HTTPS://<ServerName>/PSWA. If you go looking for the actual website files, you won't find them in the default website -- they are located in c:\Windows\Web\PowerShellWebAccess\wwwroot -- but you shouldn't need to go there to make any changes. There are advanced configurations if you wish to have PWA on a different website and without the additional path in the URL, but that is for another time -- the default configuration will work just fine.

You will also need an SSL certificate for the website. The Install-PSWAWebApplication cmdlet has a parameter that will create and bind a self-signed 90-day certificate to the website for testing purposes, but you will want to replace this when moving to production.

PS C:\> Install-PswaWebApplication -UseTestCertificate

The Web application is created along with an application pool for the website. At this point it's time to decide who should get the ability to use PWA and where they can use it remotely.

You can add, view and remove authorization rules using the cmdlets. The rules allow you to add an extra layer of security to determine who is allowed to use PWA. In some cases, you may not want certain administrators to perform remote management, so don't include them in a rule.  You can also determine which computers can be accessed with PWA. In many cases, one specific computer may be treated as the Bastion, or source computer, that contains the modules and scripts needed for management, or you can allow access to all your computers. Here is an example of permitting the administrator access to a single computer.

Note: The ConfigurationName parameter is required and allows you to specify PowerShell endpoints. Endpoints can restrict the cmdlets a remote user has access to use. In this example, there will be no restrictions.

PS C:\> Add-PswaAuthorizationRule -UserName Company\Administrator -ComputerName DC.Company.PRI -ConfigurationName *

At this point, you're ready to test PowerShell Web Access and attempt to log on. Open a browser and type the URL to the website:


When the logon screen appears, enter the domain/username along with the password and the computer name of the computer you want to remote.

Trick or treat?

I'm often asked if I really use this, if I really set this up for customers, and the answer is yes. It's secured just like any other website that you put your credit card information into when you're shopping online and it works on whatever device you have in your hand at the moment.

Typing long commands on a smartphone is not easy, but launching scripts from my phone is a breeze. I almost always have my tablet with me, and I can use PowerShell to manage my virtual environment and any other product or server on my network. It's not the only management tool I have, but it's certainly one I keep in the toolbox for the next time I'm away from the office.

Dig Deeper on Improving server management with virtualization

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.