Starting at 12th of September 2011 I’ll be freelancer. – In August I had some vacation days to spend. – So I created a new project for me – and for you.
I call it “Web based PowerShell Console” or “WebPSConsole”.
It is a full featured Browser based PowerShell console that enables you to work on a server machine remotely. It’s like PowerShell remoting but it’s not the same. While PowerShell remoting uses “WinRM” the tool that I’ve created uses a “normal” PowerShell host that will be executed in an IIS environment. (Please see my comment related to “PowerGUI Pro Mobile Shell” at the end of this article.)
That means: With my tool you will have a ASP.NET 4.0 based Web Application that can be accessed by a browser. The ASP.NET web app has a .ASPX site and some code behind. On the server in the ASP.NET context a PowerShell Host developed by me is running that accepts commands send by the clients Browser. If a command is send it will be executed by the PowerShell Host. All output is send back to the clients Browser.
It’s on Codeplex: http://webpsconsole.codeplex.com with all source code! – It’s ALPHA. I’ve done lots of testing but I’m a single developer with a single machine… I’d be happy to get your improvements or experiences!
Lets have a look at the app:
That is the “GUI”. The black frame will contain the output of the server side PowerShell session.
Let’s enter a command.
get-childitem c:windows | select -first 5
After clicking “Send” the command is send to the server. The server executes the command and returns the PowerShell output.
Let’s try this:
You see the blue colored input box for the credential information input.
Here you see the implemented “session timeout”:
After 15 minutes of inactivity you’ll get a warning. After 20 minutes the session will be terminated. After termination you are not able to access the old session including session history!
Let’s try this:
a$ = read-host
Here you get an input field for a single line of text. The output is stored in variable $a. Let’s check the content of variable $a after sending the input:
Now let’s test the functionality of completing missing cmdlet parameters:
Leave the last line empty and click “Send”.
Now let’s test the “choice” functionality:
After “Send” you get:
You see here the blue colored choice input field. If you choose “Halt Command” in this case the “Hello Ingo” command will not be executed:
If you select “Cancel” in such cases the complete PowerShell pipeline will be stopped! Not only the current command!
You can set colors a you need to:
Than “Send” and test it with:
Now let’s have a look at the function “Download console as RTF”. You’ll find the link above the console frame.
This is a Rich Text Format copy of the complete console output! – A “Clear-Host” will not clear this output! – This file can only be downloaded while the current session running. After the session ends you will not be able to access the information anymore!
Let’s try “Show current buffer”. This command is above the console frame too.
Here you get the “real” PowerShell buffer as HTML. This page can be save.
Open “Show current buffer” again:
(It’s empty now because clear-host did clear the PowerShell buffer!)
A word to the keyboard usability:
In the command input field you can use ESCAPE to clear the input field.
You can use CTRL+ENTER to send the command.
In other input fields (choice, credential, read-line,…) except “Read-Key” (see below) you can use ESCAPE to cancel the current operation and pipeline.
You can use there ENTER to send your entered data.
You can use TAB and SHIFT+TAB to navigate inside the input frame: input field, Send button and Cancel button.
The “Trace log” is an optional frame that maybe shows more information about your server connection and the “work behind”. Just click the line and the frame will be shown:
(“Send buffer as HTML” is caused by the “Show current buffer” function.)
You can close the PowerShell session by clicking the “x” in the dialog title (beside “v0.1.0.0”):
Now you can close the Browser or click “Ok” to start a new session. Or reload the Browser page to create a new session.
Now I want to tell you how to install the project.
First of all you need IIS. This can be installed on Windows 7 too.
You need a user account for executing PowerShell at server side. This account is used by every user of WebPSConsole: Each user of WebPSConsole will be impersonated at the server with the “execution account”. Here you should choose the account very carefully.
Create a directory on the server where you store the binaries. You create a folder “c:inetputwebpsconsole”.
Copy the binaries there.
Open IIS Manager.
Create a new Application Pool for the “execution account”. This account need to execute ASP.NET 4.0 code.
Select “Classical Mode” for the application pool! – Please check the settings. In my case the settings were not used. After creating the app pool I had to edit it and set “Pipeline Mode” and “Framework Version” again!!!
Create a new web application “WebPSConsole” using the previously created application pool.
Right click the “Sites” node in IIS Manager.
You get this dialog. Fill in your specific informations. Here is my sample. I’ll use “ikWebPSConsole” as host header name in this setup demo because the host header “webpsconsole” already exists for development purpose.
Click the “Select” button beside “Application pool:
My sample data:
(In order to get this working on my machine I have to edit c:windowssystem32driveretchosts and insert “ikWebPSConsole” as new local DNS entry.)
Change the Authentication settings. Disable “Anonymous Access” and enable “Windows Authentication”.
Select the web app in the treeview. On the right side double click “Authentication”.
First double click “Anonymous Authentication” and deactivate it!
Now enable “Windows Authentication” the same way!
You should restrict the usage of the web app by setting access restrictions.
There you can grant or deny access to the web app for specific users, e.g. administrators.
As an example: Here only “DOMAINAdministrator” will have access to WebPSConsole.
You should enable SSL.
I’ve done this already in the setup example above while creating the web app.
You could use “SSL client certificates” to protect the web app.
7. Test the app.
I’ts as secure as you configure it!
You can restrict the rights of the console on the server by selecting a carefully configured user account as application pool account. You don’t have to configure this user to be “local admin” 😉
You can use SSL! (As shown above)
You can use Client-SSL-Certificates!
You can restrict client IP addresses!
You can restrict access by secifying users (as shown above).
BUT be sure you know what you do – as always 😉
It’s not as fast as a local PowerShell because of the client-server-interaction.
Currently it runs only under the user context of the application pool. There should be “real” impersonation of the logged in user. But this did not work.
It consumes memory on the server because of the data saved on the server in the session. Be sure to monitor the servers memory usage if you deploy it on live servers!
There is not “Progress” support at the moment!
Ideas for future features:
Command completion (like “Intellisence”)
Client side syntax check
Please help me to impove the app! – Please post comment of your experiences!
As I said I’ve developed this project in my last vacation. After finishing v0.1.0.0 I’ve seen PowerGUI Pro MobileShell by Quest Software . It’s based on the same idea as my project but is older and has more features I think. I only know a YouTube video of it because I do not know the commercial version of PowerGUI. – Beside this the free PowerGUI tool is my favorite PowerShell IDE. – For use on a live server you should think about using PowerGUI Pro MobileShell!