Source Address: http: //www.powershellfans.com/ p = 1014?
=================================================================
Always keep up with changes planned, I had wanted to introduce Windows Server 8 Beta everyone in the long-awaited Hyper-V 3.0, but today or next adjustment program, to introduce the new Windows PowerShell Web Access Windows Server 8 Beta provided.
As we all know, the Windows PowerShell up 2.0, native PowerShell is a pure desktop application, although third-party companies such as Quest provides a Web-based solution, but we may quite expect Microsoft to provide native support, so we are very lucky see the Windows PowerShell Web Access in Windows Server 8. Here's a look at some information about the Windows PowerShell Web Access.
Windows PowerShell Web Access Overview
Windows PowerShell Web Access is Microsoft Windows Server 8 Beta added a new feature, which plays a major role in this Windows PowerShell gateway server, allows administrators browser or mobile device access and management through internal server. Because itself is a Web-based platform, it can be a wide range of client device support, and the client does not need to install Windows PowerShell, remote management software or browser plug-in to access the Windows PowerShell Web Access.
A prerequisite for running the Windows PowerShell Web Access
To run Windows PowerShell Web Access, we must install .Net Framework 4.0 and Windows PowerShell 3.0. Since then referred to as Windows PowerShell Web Access, then IIS is also essential. As the administrator can perform some operations potentially have a significant impact on the production environment using Windows PowerShell, and therefore also need to plan in advance the user's Windows PowerShell Web Access, and set up appropriate rules in IIS and Windows PowerShell Web Access authorization rules, after this process will be described in detail, please pay attention.
Browsers and mobile end device support
The current mainstream desktop and mobile devices support access Windows PowerShell Web Access. For example, Microsoft's own IE8-IE10, Windows Phone 7.0 and Windows 7.5. Mozilla's Firefox, Apple's Safari, Google's Android and Chrome are accessible.
Windows PowerShell Web Access installation trilogy
Currently in Windows Server 8 Beta version, Windows PowerShell Web Access can not be done simply by adding server roles and features to delete the installation wizard to complete the installation and configuration, administrators need to manually complete some setup work in order to use Windows PowerShell Web Access, but please do not worry, these configurations work can also be done by cmdlet. Specific steps are as follows:
- Install Windows PowerShell Web Access
- 配置Windows PowerShell Web Access
- Configuring authorization rules and site security
Install Windows PowerShell Web Access
安装Windows PowerShell Web Access的过程其实并不复杂,习惯图形界面的朋友可以打开Server Manager,然后通过添加删除服务器角色和功能向导,在服务器功能页面中找到Windows PowerShell Web Access项来进行安装。
如果是Windows PowerShell的狂热粉丝的话,可以在以管理员身份(提升权限)的Windows PowerShell控制台中通过以下命令来进行安装:
Install-WindowsFeature -Name WindowsPowerShellWebAccess -ComputerName <computer_name> -IncludeManagementTools -Restart
(CNSHRRASSVR01是另一台虚拟机,这里的截图是为了方便大家看下安装过程,随后我将使用的是另一台虚拟机,CNSHUTILSVR01)
配置Windows PowerShell Web Access
正如之前所说的,在安装完Windows PowerShell Web Access组件后,我们还需要进行相应的配置。相应的配置命令可以通过Install-PswaWebApplication来进行,然而在运行命令之 前,还分两种情况。这两种情况是和使用何种证书有关。相信大家也可以理解,为了保证用户和Web应用之间的交互信息不被第三方程序所捕获,为Web应用启 用证书,强制用户使用https访问已经是非常通用的做法了,这里也不例外。我们可以通过在运行Install-PswaWebApplication命 令时增加UseTestCertificate参数来安装自签名证书,也可以向Windows证书颁发机构或者独立的第三方证书颁发机构申请证书。这里我 选择了后者,因为我想快速体验下在Windows Server 8 Beta中安装证书颁发机构和以往是不是有所不同,结论是大致上是类似的。
不过我们可以先把向Windows证书颁发机构申请证书的事放一放,先来看下Install-PswaWebApplication cmdlet,该命令在不输入任何参数的情况会在后台自动调用IIS的相关cmdlet来创建名为pswa_pool的应用程序池,并在默认站点下添加名 为/pswa的应用。注意安装完成后只启用了http协议,同时大家也看到了PSWA的具体应用程序位于C:\windows\web \PowerShellWebAccess\wwwroot文件夹中,同时在这个文件夹下也包含一份readme.txt文档来简要描述整个配置过程。
接下来要做的是为默认站点申请证书。这里我就不详细描述申请证书的步骤了,大家可以通过IIS管理控制台,或者运行mmc后添加本地计算机证书管理单元来完成Web证书的申请工作,然后在IIS中为默认站点绑定证书。
在配置完证书后,我们可以打开IE浏览器看下Windows PowerShell Web Access的界面,顺便秀一下这是在IE10中打开的。
配置授权规则及站点安全
在完成Windows PowerShell Web Access的安装和配置工作后,虽然用户可以在浏览器中打开Windows PowerShell Web Access的登录页面,但是却无法登录,因为默认的授权策略会阻止用户登录,需要Windows PowerShell Web Access管理员显示开启策略才行,这也说明Windows PowerShell Web Access的授权策略是以白名单形式实现的。而策略的开启只能使用Windows PowerShell cmdlet,无法通过图形界面来完成。具体命令可以通过以下PowerShell命令来查看:
Pswa模块暂时一共包含五项命令,去除Install-PswaWebApplication,剩下的四条 命令都和授权规则有关。由于我事先已经在CNSHUTILSVR01这台机器上配置好了Windows PowerShell Web Access的授权规则,因此我们先来看下Get-PswaAuthorizationRule的运行结果:
这里我们可以看到只启用了一条规则,而且 User,Destination,ConfigurationName三项的值都是通配符,那么顺利成章的可以认为目前这台服务器上的Windows PowerShell Web Access允许所有用户进行访问。接下来我们要做的是先来移除这条命令,然后再看下创建过程。
移除过程其实大家已经想到了,可以通过Remove-PswaAuthorizationRule来完成,至 于是通过参数指定规则的序号,还是通过Get-PswaAuthorizationRule获得规则对象然后通过管道传递给Remove- PswaAuthorizationRule来删除规则,就看大家的喜好了。因为现在只用一条规则,我就偷懒少打点字,直接用Remove- PswaAuthorizationRule –Id 0来完成。
移除之后,用户是无法通过Windows PowerShell Web Access来访问其他计算机的。
接下来我们就把刚才的规则添加回去,命令如下:
Add-PswaAuthorizationRule -ComputerName * -UserName * -ConfigurationName *
注意默认情况下readme.txt中的命令在没有说明的情况下会让人搞不清楚状况,因此请大家参考 TechNet上的命令。命令执行完成之后可以用Get-PswaAuthorizationRule来确认规则是否创建成功,这在之前已经演示过了。接 下来我们就赶紧登录然后执行命令看看。
Well, it is not very exciting? The article on the introduction of Windows PowerShell Web Access to this end, in the medium-length and next introduce Windows PowerShell Web Access, we will look at the Windows PowerShell Web Access security model and some considerations when using.
(Part update is complete)
Tip: This question is being developed in a product, if in the future the official version does not match the contents of this article, please refer to the official version.
TechNet original document
http://technet.microsoft.com/en-us/library/hh831611.aspx
Reproduced in: https: //www.cnblogs.com/licheng/archive/2013/02/25/2931641.html