In this Ask the Admin, I’ll provide a general overview of the Windows Admin Center, which was released earlier this month.
The GUI management tools in Windows Server haven’t changed much over the years. There have been a few new ones, like Server Manager and the Active Directory Administrative Center, but by and large, no revolutionary changes. If you are familiar with Computer Management, Device Manager, or Active Directory Users and Computers (ADUC), you will know what a typical Microsoft Management Console (MMC) looks like. It’s a hierarchical tree that can be expanded to view configuration options. MMCs have an unfriendly UI and use Remote Procedure Calls (RPC) to manage remote computers, meaning that they are not firewall-friendly.
The Windows Admin Center (WAC) is a complete reimagination of not only the UI but also the back end. WAC is a website for managing either the local or remote servers via a gateway that uses PowerShell Remoting and Windows Management Instrumentation (WMI) over WinRM. The gateway can be installed on Windows Server 2016, Windows Server version 1709, Windows Server 2019, and Windows 10. WAC can manage Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. It can also manage Hyper-V Server, Azure VMs, Azure Backup, highly-converged infrastructures (HCI), and more.
Because the gateway is a webserver application, administrators can connect to it from the public Internet and the local area network. Connecting to a gateway, rather than directly to the nodes you want to manage, allows for more flexibility and the option to easily secure communications.
The gateway can be installed on Windows 10, for small-scale environments, or on a server. If you want to manage Windows Server 2012 or Windows Server 2012 R2, you’ll need to install the Windows Management Framework (WMF) version 5.1 on devices running those operating systems. I installed the gateway in Windows Server 2019. You can download WAC here from Microsoft’s website. If you want to install WAC on Windows Server Core, read How to Install the Windows Admin Center in Server Core on Petri.
Once you’ve installed the gateway, open the WAC website using the link provided on the desktop. To connect to WAC from a remote device, type the name of the server on which the WAC gateway is installed in the browser address bar. If you changed the default port (443), add a colon followed by the port number specified when WAC was installed to the end of the URL. WAC supports Microsoft Edge and Google Chrome.
Unless you provided a certificate during the WAC gateway install process that is trusted by the devices from which you will connect to the gateway, you’ll need to bypass the security warnings in your browser when connecting to WAC. In a production environment, you should not let the installer generate a certificate but instead provide your own. Once connected, you’ll need to provide a username and password to connect to the gateway. This should be an account on the gateway device.
The All Connections screen shows you the list of servers you can manage. The gateway server appears by default. You can add servers, failover clusters, and hyper-converged clusters by clicking + Add. All you need to do is type the DNS name of a remote server or import a list of servers from a .txt file.
You can authorize remote servers and clusters using the Windows account you are logged in to your PC with, credentials you provide manually for the session, or Local Administration Password Solution (LAPS) credentials. For more information on LAPS, see Secure Local Administrator Accounts with the Local Administrator Password Solution (LAPS) Tool on Petri.
Click on a server on the All Connections screen. You’ll need to enter a username and password to make a connection to the server. An overview of the server’s health is displayed by default, similar to that displayed by Task Manager. The graphs for CPU, memory, disk, and network are updated in real time and you can restart and shutdown the server. The Settings option allows you to edit system and user environment variables, enable or disable Remote Desktop, and manage WAC Role-Based Access Control (RBAC). Currently, there are three access roles:
There’s a list of tools on the left, which you can search. Most things you’d expect are present, including the ability to manage services, the registry, devices, files, Windows Update, virtual machines if the Hyper-V role is installed, events, Windows Firewall, network adapters, and local users and groups.
The tools allow you to carry out basic tasks. For example, Services lists the services installed on the server and their status. You can start and stop services, and set the service startup type. WAC has improved since the initial beta release (Project Honolulu) and now it is possible to set service recovery options and specify a service account.
Device Manager lets you disable devices but there’s no access to more advanced configuration, although you can update drivers. Events can be exported and filtered but advanced options found in Event Viewer are missing, like Custom Views. But it is possible to search events and apply a filter to narrow down the results. Other tools, like Firewall, Local Users and Computers, and Roles and Features are quite well padded out and will allow you to perform most common administrative tasks without resorting to other tools.
Unlike the original Project Honolulu release, WAC includes a tool that makes a remote connection to the server using PowerShell. This will come in handy considering that WAC is still missing some tools, like scheduled tasks, DHCP, DNS, and IIS.
Microsoft has been pushing Server Core for several years now, even going as far as forcing organizations to choose the full GUI or Server Core at install time. Previously, it had been possible to move between the two after installing Windows Server. The Windows Admin Center isn’t supposed to replace all the Remote Server Administration Tools (RSAT) that most system administrators will be familiar with but it does cover a lot of the basics. WAC is extensible. Out of the gate, it includes Azure AD integration for gateway authentication and the ability to manage Azure virtual machines and Azure Site Recovery.