API access to PowerShell Web Access? - powershell

PowerShell Web Access allows you to run PowerShell cmdlets through a web browser. It shows a web based console window.
Is there any way to run cmdlets without typing them in to the console window? And is there any way to get the results back?
I'm envisaging an app that lets a non-technical user restart a print queue (for example) without having to know PowerShell. The app would display a list of print queues and then the user could select one and restart the queue. The app would essentially be a wrapper that takes care of the syntax and variables so that users don't need to know.
Is there a way to do that through PowerShell Web Access? Or is there some other way for a non Windows app to send arbitrary commands to a Windows server without reinventing the wheel?

Not with PowerShell Web Access**. That is designed for an interactive session.
There are a few ways you could do this. All examples are illustrative and may be outdated, insecure, etc.
Create an ASP.NET web application running C#. Run PowerShell in the C#. Use PowerShell remoting as needed. Example.
Create GUI applications using Windows Presentation Foundation or WinForms. Use PowerShell remoting as needed. Example.
Create a services with an API (e.g. REST) that PowerShell can hit.
** OK, I lied. Create a clunky solution that uses delegated, constrained endpoints accessed through PowerShell Web Access.
For each of the above solutions that uses PowerShell remoting, consider delegated and/or constrained endpoints. Example.
We have a web application that allows certain users to perform certain functions with certain parameters. Uses ASP.NET backed by C# with a set of predefined PowerShell scripts and configuration of who can do what stored in a SQL DB. For example...
Jane can restart application pool X on server Y.
John can restart service Z on server Q.
IT Support can unlock their own 'administrative' accounts from their standard accounts.
All of this can run from non-Windows computers. Some of it might be carefully exposed to allow use on Mobile devices : )
If you have the use cases, the small overhead of designing the system and writing the code behind it will pay off quite quickly.
Cheers!

Related

Is it possible to include calls to the Microsoft Graph API from within a Windows Service application?

We currently have a web application which requires manual intervention in order to initiate the transfer of data from Azure Active Directory (via the Microsoft Graph API) to a local SQL Server database instance for archival and reporting purposes. This manual process is often run multiple times per day.
Our goal is to automate this data transfer process through use of a Windows service application; however, we have encountered an issue with instantiation of the Microsoft Graph client. The vast majority of the documentation available seems to presume the use of Microsoft Graph with a user interface (which the service app doesn't employ). Methods which work quite nicely with the typical MVC-based C# web application don't sit well within the more limited confines of a Windows service app.
Is this type of automation possible? If so, is there any sort of documentation available regarding the use of Microsoft Graph within a Windows service app?
Any assistance is greatly appreciated.
There is a documentation where is described how to call Graph API from a background service or daemon app without any user interaction. The same way will work for Windows service.
Documentation
Get access without a user

Best Practices for authorizing local scripts via oauth to access Web Services

I couldn't find information on how other people solve this, so maybe you can help me out.
What I have
Multiple Services with REST APIs, that are secured using OpenID Connect. Connections between the Services work fine.
Now I have multiple developers, who sometimes need to write and execute local scripts (Python, R, Bash etc.) for quick analysis and testing.
What I want
I want to enable the developers to use the services as easy as possible, but still respecting security concerns.
What I tried
I defined the script itself as a client. Therefore I created a public client in my OIDC product, which is called somewhat like 'developer-scripts'. Using a library which handles the oauth dance, I can then execute the script connecting as aforesaid client. First time, the browser pops up and requests the user to authenticate and therefore authorize the client to use the REST API on behalf of the user. After that, the tokens are cached and I can easily continue working on that script.
This simplified drawing tries to summarize, what I just described
That works perfectly fine and regarding security I'm glad that credentials are not saved on the local computers as it was before with e.g. Basic Authentication. Furthermore, I'm able to control the access to different services on a user level.
Other ideas, which didn't convince me:
every web service also has an public client which can then be used as a client by the scripts (so the scripts aren't defined as clients anymore)
token generation is done somewhere else and the developer just adds the generated access/refresh token to the script
My problem
What concerns me about my current solution is the definition of that client. In the described case it would be either a generic client used by all developers for all scripts, or a new client for every developer who want's to write a local script. The latter seems to be a lot of overhead, the former may be a security problem?
So finally I'm asking the question: Are there any known best practices for my described use case?
EDIT:
I found a small article by [Martin Fowler](https://martinfowler.com/articles/command-line-google.html), he is basically explaining, how he is receiving a token to use for a local script. But in his case, he's using it for one certain use case, and not as a general public client. So unfortunately it doesn't really contribute to my answer.

Where to host Smartsheets API code

I am interested in learning to use the Smartsheets API. In the past I created workflows in Google Apps Script, which has a built in IDE that houses the script. Does Smartsheets have something similar? If not, where is a common place to keep your code and have it react to webhooks/events?
Regards,
Shawn
The API is just a way to communicate between your application and Smartsheet - there is no hosting for your executable code. Smartsheet provides a number of SDKs to help make the calls easier to perform, but in theory you could use any language to make the REST commands. So, pretty much any service that allows executable code would work, such as Amazon AWS, Google Cloud, Microsoft Azure, or others. Here's a brief comparison of services.
You can start developing on your own computer before you worry about cloud deployment. See the getting started guide and samples here: https://github.com/smartsheet-platform/getting-started
If you really need to respond to webhooks, your code will have to run somewhere that accepts incoming HTTP calls from the Internet without being blocked by a firewall. This could be in your data center, any of cloud services, or via a tunnel such as https://ngrok.com/

Logging into Outlook using powershell with no user logged on

I was wondering if its possible to create a powershell script to log into a specific outlook mail box and than add the script to the scheduled task so that no user has to be logged on.
If you need to open an arbitrary Exchange mailbox, you can either
Use Outlook Object Model (which cannot be used in a service, such as the Scheduler) to log to a predefined profile (Namespace.Logon) and call Namespace.GetSharedDefaultFolder. If the set of mailboxes is always the same, you can add these static mailboxes to the profile (open them as delegate mailboxes) and access them programmatically using the Namespace.Stores collection. Again, Outlook should not be used in a service/scheduler.
Exchange Web Services - it is HTTP based, so you can use it from a service
Graph - just like EWS, it is HTTP based, so you can use it from a service
Extended MAPI (C++ or Delphi only). native API used by Outlook itself. It can be used in a service.
Redemption (I am its author - it wraps Extended MAPI and can be used in any language from a service). It lets you dynamically log to an Exchange mailbox using RDOSession.LogonExchangeMailbox / LogonExchangeHostedMailbox (no existing profile required). Other mailboxes can be opened using RDOSession.GetSharedMailbox.
Yes, you can log on to a specific user profile programmatically. The Logon method of the Namespace class logs the user on to MAPI, obtaining a MAPI session.
Be aware, Microsoft does not currently recommend, and does not support, Automation of Microsoft Office applications from any unattended, non-interactive client application or component (including ASP, ASP.NET, DCOM, and NT Services), because Office may exhibit unstable behavior and/or deadlock when Office is run in this environment.
If you are building a solution that runs in a server-side context, you should try to use components that have been made safe for unattended execution. Or, you should try to find alternatives that allow at least part of the code to run client-side. If you use an Office application from a server-side solution, the application will lack many of the necessary capabilities to run successfully. Additionally, you will be taking risks with the stability of your overall solution. You can read more about that in the Considerations for server-side Automation of Office article.
Instead, you may consider using a low level API on which Outlook is built - Extended MAPI. Or use any third-party wrappers around that API.

Configuring outlook working-hours with powershell

In my company where we use AD infrastructure my working hours in outlook somehow change from working hours and my time-zone. I created a script that changes the time-zone, but don't know how to change the working hours in outlook.
QUESTIONS:
searching for POWER-SHELL OUTLOOK API gave no results - wanted to ask how to approach scripting the outlook application (or any other application) with powershell? What is the development process step-by-step? Is there an API defined for each application for powershell?
How does powershell interact with applications? Is there a general command-object infrastructure for all windows applications that powershell accesses?
And for the specific question: how to actually change the working hours in OUTLOOK?
Thank you?
Powershell can use any IDispatch-based libraries, including the Outlook Object Model. But OOM however does not provide any way to set those options. If using Redemption is an option (I am its author), you can use its RDOCalendarOptions object - next version of Redemption will expose RDOCalendarOptions.WorkDays/WorkDayStart/etc. properties.