none
Central Powershell server with central logging? RRS feed

  • Question

  • Hi,

    Any way we could have a central Powershell server to which our team can connect (and has all features/modules enabled for Exchange, VMWare etc) + has a central logging per user (which command executed when) so we have tracing + knowledge sharing?

    Please advise.
    J.


    Jan Hoedt

    Wednesday, March 11, 2015 10:41 AM

Answers

  • PowerShell comes installed on all systems.  The remoting is installed by default You only need to et group policy.  TO use PSA you have to install it on every server that you want to have access and mange it.  It can only manage the local server.

    Remoting works anywhere.  It is the de-facto standard.  PSA is nice and will find a bigger niche when we have all 2012 or better servers but it still requires PowerShell on all of the managed nodes and that means all nodes.

    The main point of PSQ is for access from Unix, Mac and mobile systems.


    ¯\_(ツ)_/¯

    • Marked as answer by janhoedt Wednesday, March 11, 2015 1:42 PM
    Wednesday, March 11, 2015 1:39 PM

All replies

  • That's probably not going to be practical.  

    A lot of the infrastructure modules rely on .dlls specific to that software so they only exist on the servers where that software (e.g. Sharepoint) is installed.  

    Then there's going to be the issue of credential delegation.  If they all connect to that central server to run their commands and scripts you're going to run into "second hop" authentication issues as soon as they start trying to access resources on other machines from there. You can get around that with CredSSP, but that's a potential security risk that's considered bad practice and to be avoided if possible.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "


    Wednesday, March 11, 2015 11:04 AM
    Moderator
  • Why not. Go ahead. Build it. What problem are you having?


    ¯\_(ツ)_/¯

    Wednesday, March 11, 2015 11:05 AM
  • Isn't there a solution from Microsoft in order to have a (web based?) central Powershell server?

    Jan Hoedt

    Wednesday, March 11, 2015 11:40 AM
  • This is what I meant: https://technet.microsoft.com/en-us/library/hh831611.aspx

    Could it be what we need?


    Jan Hoedt

    Wednesday, March 11, 2015 12:05 PM
  • Isn't there a solution from Microsoft in order to have a (web based?) central Powershell server?

    Jan Hoedt

    Yes on WS2012 PWA

    You still have to design the overall central server that has everything loaded then deploy it to do that.  You can also just use remoting.


    ¯\_(ツ)_/¯



    • Edited by jrv Wednesday, March 11, 2015 1:23 PM
    Wednesday, March 11, 2015 1:21 PM
  • W2012 powershell web access?

    >You still have to design the overall central server that has everything loaded then deploy it to do that. 

    Not sure what that implicates. You have to set it up and design, ok. Sounds logical to me(?)
    Remoting implies you need to install all modules on each machine which is using PS. If you have a central (web)server you can logon to and execute commands (and it would have logging of commands), that would be the ideal situation in a team where people all use/share PS/PS Scripts.


    Jan Hoedt


    • Edited by janhoedt Wednesday, March 11, 2015 1:32 PM edit
    Wednesday, March 11, 2015 1:31 PM
  • PowerShell comes installed on all systems.  The remoting is installed by default You only need to et group policy.  TO use PSA you have to install it on every server that you want to have access and mange it.  It can only manage the local server.

    Remoting works anywhere.  It is the de-facto standard.  PSA is nice and will find a bigger niche when we have all 2012 or better servers but it still requires PowerShell on all of the managed nodes and that means all nodes.

    The main point of PSQ is for access from Unix, Mac and mobile systems.


    ¯\_(ツ)_/¯

    • Marked as answer by janhoedt Wednesday, March 11, 2015 1:42 PM
    Wednesday, March 11, 2015 1:39 PM
  • PSWA does not provide Powershell sessions.

     It provides a gateway to Powershell sessions via a browser interface.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Wednesday, March 11, 2015 1:50 PM
    Moderator