未加星标

PowerShell Web Access Just how practical is it?

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二03 | 时间 2018 | 作者 红领巾 ] 0人收藏点击收藏

PowerShell has long been the standard tool for managing everything from windows Server to Exchange to Office 365 and Azure resources and has more recently ventured into the cross-platform world with support for linux and macOS via its PowerShell Core fork. With its robust scripting language, automation and remoting capabilities, PowerShell has proven to be invaluable and many IT Pros feel helpless without it. Therefore, it has become very important to ensure access to a PowerShell console wherever possible.

Using PowerShell in the browser is hardly something new, in fact, this functionality has been available for many years. Starting with Windows Server 2012, the Windows PowerShell Web Access feature allowed us to run PowerShell cmdlets and scripts on virtually any device, without needing to install additional software. That said, the PowerShell Web Access feature hasn't received much love since its original release, and while it’s still part of the Windows Server install, there’s hardly anything new to talk about.

So, why am I writing about it now, six years later? Azure Cloud Shell is one of the reasons. I’ve been meaning to do a comparison between the two, especially when it comes to managing things in the Office 365 world. After more announcements made at this year’s Ignite, I have a few more reasons to explore this topic further. Let’s dig right in.

PowerShell Web Access

As PowerShell Web Access (abbreviated as PSWA) has been available for years, I won't go into too much detail about installing and configuring the feature, you can find this information in the official documentation or on numerous blog posts. However, I will briefly talk about how you can use it, and what you can't do with it.

To start with, you can use any browser to connect to the PSWA endpoint you exposed internally in your organization or to the outside world. Internet Explorer will do just fine, even versions as old as IE 8.0, not that you should actually be using them. Most mobile browsers will be fine too, as long as they support javascript. As you can imagine, the tradeoff of the relaxed requirements is a “not so snappy” interface, as shown in the screenshot below. The screenshot also illustrates the amount of attention given to this feature by Microsoft in the recent years, as I am actually running on a Windows Server 2019 box, even though the webpage says Windows Server 2016.


PowerShell Web Access   Just how practical is it?

Cosmetics aside, once you log in to the PSWA page, you end up at a terminal window and you can start issuing cmdlets. Under the covers, PSWA uses remoting to connect to a given machine, which is why the Computer Name parameter is mandatory when logging in. Once connected, you have access to a fully-fledged PowerShell console, as indicated by the output of $PSVersionTable , and you can do more than run cmdlets. For example, you can invoke .NET classes and methods, such as the System.Environment class and its OSVersion property, showing the version/build of the current server. You can also call console applications such as ipconfig :


PowerShell Web Access   Just how practical is it?

You get support for tab completion and execution history as well as most other PowerShell features you are familiar with. Finding and installing modules via the cmdlets exposed by the PowerShellGet module is one example, provided you are connected to a computer running a recent PowerShell version. You can quickly download the MSOnline module if it is not already present on the system. Once the module is installed, you can connect to Office 365 and start managing users.


PowerShell Web Access   Just how practical is it?

While connectivity to Office 365 did work, you might have noticed that I used the -Credential switch for the Connect-MsolService cmdlet above. Doing so results in using a special OAuth flow, allowing me to connect via Modern authentication while at the same time bypassing the interactive login dialog. The reason is simple since I’m running PowerShell in what’s effectively a terminal, there is no way for the interactive ADAL dialog to be shown. This,in turn, means that any module that requires you to do a fully interactive login will not work, and PowerShell will inform you accordingly with an error message. Connecting to services that accept $Credentials variable will work just fine though, for example the case of Exchange Online:


PowerShell Web Access   Just how practical is it?

So in effect, I used my regular “connect to Office 365 script” in a browser session, and I’m now able to perform (almost) all the operations I’m used to runni ng on my desktop machine. Other modules, such as MicrosoftTeams will also run just fine, as long as you are able to pass credentials directly. For modules that only support interactive login, you might have to resort to workarounds such as getting an Access token directly via ADAL and passing it to connect via Modern authentication, as shown below for ExO:


PowerShell Web Access   Just how practical is it?

This is not the only limitation. For example, as this is a remote session and you are running in a different PowerShell host, there are no profiles available. It also means that you can't interactively remote to another machine using Enter-PSSession , for example in order to access a module installed on that machine. One alternative would be to relog to the PSWA gateway and choose the other machine instead. You can also use other methods, such as New-PSSession , Invoke-Command or the -ComputerName parameter, depending on the task.

Since you are bound to the terminal, copying and pasting information can be a drag, and so is viewing or editing files, and transferring files is an almost impossible task. Other “goodies” you might have become used to includ e: syntax highlighting, function keys and persistent cmdlet history are also unavailable, or limited. Overall, PSWA is a viable substitute for those rare cases where you have to run a specific PowerShell task from a tablet or mobile device. So how practical is it? I would say a solid 8/10 when put in the context of Office 365 tasks.

Azure Cloud Shell

While Microsoft has barely touched PSWA in the past few years, they’ve put a lot of effort in to releasing and polishing PowerShell Core, bringing the power of PowerShell to new modalities. One modality is Azure Cloud Shell (ACS for short), a browser-based PowerShell experience for managing Azure resources. Under the covers, Azure Cloud Shell is a web interface for a PowerShell Core (or Bash) instance running on a Linux VM running on top of a Hyper-V host. Running on Linux allows Microsoft to minimize the resource consumption and costs, and in effect ACS is free, with the only charges incurred by the cloud storage account it uses to host the VM image holding the file share.

Azure Cloud Shell can be accessed from multiple endpoints. It’s integrated into the Azure portal and the Azure mobile app, and also has a standalone website accessible via https://shell.azure.com . If you are accessing ACS via the Azure portal or the app and have already authenticated, you will be automatically logged in and granted access to Azure PowerShell for the current directory. If you are accessing it via the ACS webpage, you will have to authenticate and select the subscription/directory as part of the process. You can also select the type of shell, either Bash or PowerShell.

For the purpose of this article, we are

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

代码区博客精选文章
分页:12
转载请注明
本文标题:PowerShell Web Access Just how practical is it?
本站链接:https://www.codesec.net/view/621319.html


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(70)