Chapter 5. Managing systems through a keyhole
Imagine you’re sitting on the beach with your smartphone. You’d love to ignore calls from work, but you just got a text saying that an important client’s account is locked. It’s the middle of vacation season, and for whatever reason nobody in the office is able to solve the problem. You roll your eyes and take a deep breath. Then you open the appropriate web page on your phone, log on, and run a single command. You send a text to your colleagues that the problem is solved. Is it possible? With PowerShell v3 and Windows Server 2012, the answer is yes.
Windows Server 2012 comes with PowerShell Web Access (PSWA). A question that concerns many administrators is this: do I really want to be able to do everything I can normally do from my workstation when I’m connected to my systems from my phone or tablet? Maybe I want to be able to perform only those tasks that are safe but may be seen as crucial by some (important if “some” includes your manager), like unlocking a client’s Active Directory account.
PSWA can’t restrict the list of available commands itself, but because it uses PowerShell remoting at the back end, you can configure it to use only a dedicated session configuration. You can then set up this session configuration in a way that meets your goals: one that lets you do what you must but hides anything that could potentially cause harm to the managed system.
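One way to wire this together, shown as an added example rather than code from the chapter: a restricted session configuration on the managed server, plus a PSWA authorization rule that admits users only through that configuration. The endpoint name, group name, and computer name are assumptions, and the managed server is assumed to be a domain controller with the ActiveDirectory module installed.

```powershell
# --- On the managed server (assumed: a domain controller with the ActiveDirectory module) ---
$configName = 'UnlockOnly'                                   # assumed endpoint name
$pssc       = Join-Path $env:ProgramData "$configName.pssc"

# Start from the restricted baseline and expose only what the on-call task needs.
# NoLanguage blocks script blocks, variables and operators; only plain command calls run.
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -ModulesToImport ActiveDirectory `
    -VisibleCmdlets 'Get-ADUser', 'Unlock-ADAccount'

# Validate the file before registering it.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Invalid session configuration file: $pssc"
}

# Register the endpoint. In the permissions dialog, grant Execute(Invoke)
# to the on-call group only (assumed group: CONTOSO\HelpdeskOnCall).
Register-PSSessionConfiguration -Name $configName -Path $pssc `
    -ShowSecurityDescriptorUI -Force

# --- On the PSWA gateway ---
# Allow the group to reach this one server, and only through the restricted endpoint.
Add-PswaAuthorizationRule -UserGroupName 'CONTOSO\HelpdeskOnCall' `
    -ComputerName 'dc01.contoso.com' `
    -ConfigurationName 'UnlockOnly'

# Review the rules; any rule that names Microsoft.PowerShell for the same users
# would give them a full, unrestricted session through the gateway.
Get-PswaAuthorizationRule
```

At the PSWA sign-in page, the user enters the same configuration name under the optional connection settings; a sign-in that requests a different configuration is rejected unless another rule permits it.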