0% found this document useful (0 votes)
505 views31 pages

Managing Windows Server: With Windows Admin Center

Windows Admin Center (WAC) is a browser-based tool for managing Windows Server 2019. While not a full replacement for existing desktop-based tools like RSAT, WAC provides some unique capabilities for server management via a modern web interface. However, WAC is still early in development and lacks many functions of RSAT. It is best suited currently for Hyper-V management and monitoring new capabilities like Storage Spaces Direct. Administrators must still use a mix of tools to manage all aspects of the Microsoft platform.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
505 views31 pages

Managing Windows Server: With Windows Admin Center

Windows Admin Center (WAC) is a browser-based tool for managing Windows Server 2019. While not a full replacement for existing desktop-based tools like RSAT, WAC provides some unique capabilities for server management via a modern web interface. However, WAC is still early in development and lacks many functions of RSAT. It is best suited currently for Hyper-V management and monitoring new capabilities like Storage Spaces Direct. Administrators must still use a mix of tools to manage all aspects of the Microsoft platform.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 31

16/19

Managing Windows Server


with Windows Admin Center
Table of contents
1. Why browser-based admin tools? 3|

2. Admin Center versus existing tools 4|

3. WAC not yet a replacement for RSAT 5|

4. Components of Windows Admin Center 6|

5. Installation and operation 7|


Management via PowerShell, WMI and WinRM
Supported web browsers
Integration with Azure
Installing Windows Admin Center on Server Core

6. Setting access rights via roles 11|


Controlling access to the gateway
Roles for the management of target systems
Activating access controls, assigning roles
Rudimentary role concept limits delegation options

7. Installing the Hyper-V role and configuring the host 16|


Adding roles
Creating a vSwitch
Strengths and weaknesses of WAC for Hyper-V management

8. Creating and configuring virtual machines 19|


Creating a new VM
Installing the guest OS
Subsequently changing VM settings
Creating and managing snapshots

9. Activating Remote Desktop and starting it in the browser 24|


Error when activating firewall rules
Tools as RemoteApp

10. Copying files to a Windows server 27|


Files tool in Admin Center

11. Summary 29|


thomas-krenn.com | 3

Managing Windows Server 2016/2019 with


Windows Admin Center
With Windows Admin Center (WAC), Microsoft Admin Center is Microsoft’s second attempt to
is joining the industry trend towards web-based develop web-based tools for the management of
management tools – though somewhat later Windows servers. It’s first was Server Management
than most. While still a long way from its final Tools (SMT) – an Azure service that was discontinued
release stage, the manufacturer recommends it in mid-2017. WAC, on the other hand, is a pure on-
for managing Windows Server 2019. Admins must premises solution that users install on their own
therefore expect to juggle a range of different tools computers.
for the Microsoft platform over an extended period.

1. Why browser-based admin tools?


The main advantage of web-based admin tools is offers for assigning access rights.
clear: They do not require the installation of software Finally, browser-based tools are an advantage
on the end device and can run on practically any when hybrid environments consisting of local and
device with a modern browser installed. This is a cloud-based resources are to be managed via a
particular strength when administrative tasks are single interface. Services in the public cloud are
to be delegated to standard users in specialist inherently designed for management via web APIs.
departments. One argument against browser consoles for a
For such scenarios, it should be possible to reduce the long time was the poor usability of web interfaces.
web interface to the required functions. However, Today’s web technologies, however, allow the
this requires a role concept that allows flexible development of interfaces that are on a par with
customization of the GUI and can also be used to their desktop counterparts in terms of convenience.
control the permissions of the respective users. A Windows Admin Center has a modern web GUI that
separate section in this text therefore examines the provides dynamically updated performance charts.
question of which options Admin Center currently
thomas-krenn.com | 4

WAC uses a modern web interface that displays important indicators in live charts.
(Windows-Admin-Center-Leistungsindikatoren.png)

2. Admin Center versus existing tools


In addition to WAC, which appeared in its first official whose focus is on Unified Endpoint Management.
version in Q2 2018 with Windows Server 1803, With the recent introduction of the ability to
Microsoft has a broad portfolio of management distribute Win32 applications, cloud-based
tools. These include Remote Server Administration software is increasingly entering System Center
Tools (RSAT), System Center products and the SaaS Configuration Manager (SCCM) territory.
tool Intune.
Admin Center has very little overlap with the By contrast, Admin Center is to be seen as an
heavyweight tools of the System Center family. alternative to RSAT, which it will probably replace
Products such as the Configuration-, Operations- in the long run. As the example of vSphere shows,
or Service Manager cover tasks for which Admin porting complex tools from the desktop to the
Center is not intended. Functional overlaps exist browser can take a long time. However, VMware
with the not too popular Virtual Machine Manager recently completed this transition after developing
(SCVMM). Incidentally, a “webification” of System a Flash-based web client. Microsoft is still at the
Center is still largely pending. beginning of this process with WAC.
There is similarly little competition with Intune,
thomas-krenn.com | 5

3. WAC not yet a replacement for RSAT


Admin Center, like RSAT, is primarily used to manage Admin Center does not nearly have all the functions
roles and features provided by Windows Server. of RSAT at this point, yet it already offers exclusive
Unlike VMware, which equipped the vSphere web features for managing Windows Server 2019.
client with the functions of the native Windows For instance, if you don’t want to forgo a graphical
client, the relationship between RSAT and WAC is admin UI for certain aspects of the current server
more complicated. operating system (e.g. storage migration services
or system insights), then you’ll need to use WAC.

Only WAC provides a GUI for capacity planning with system insights. (Windows-Admin-Center-System-Insights.png)

The functionality of Admin Center in relation to RSAT can be categorized as follows:

WAC has features that are:


• Incomplete compared to the Microsoft Management Console (MMC) tools. This applies
to most components.

• Largely feature-complete. This applies, for example, to the management of Hyper-V.


A separate section below shows how WAC manages such a relatively complex system
component.
thomas-krenn.com | 6

• Unique and not present in RSAT, such as Storage Spaces Direct monitoring. This also
includes useful little helpers like an RDP web client and a file upload service, which are
also covered here.

• Missing completely. This applies to important services such as Active Directory, DHCP,
DNS and Remote Desktop Services.

There is no exact timetable as to when which Term Servicing channel.


functions will be added. However, Microsoft is Due to the fast update cycles, Admin Center is
publishing previews of WAC in relatively short not yet included in the scope of delivery for the
intervals and has so far released an official version operating system.
for each server release in the Semi-Annual or Long-

4. Components of Windows Admin Center


WAC consists of four components: It can also be used to control Cluster-Aware
Server Manager: This includes functions to manage Updating. The web variant, however, is not yet able
the (as of now supported) roles and features of to set up failover clusters; for this, you still have to
Windows Server. In contrast to the tool of the same fall back on the classic tools.
name in RSAT, which was given the capability for Hyper-Converged Cluster Manager: Windows
multi-server management in version 2012, only clusters running virtual machines and
individual computers can be managed with WAC. simultaneously providing software-defined storage
Computer Management: This is used to manage with Storage Spaces Direct could initially only be
Windows 10 PCs. Its functions largely overlap with managed through PowerShell. WAC is currently
those of the MMC program of the same name. the only graphical management tool for these
Failover Cluster Manager: At first glance, this is the configurations. Its dashboard provides all the
web equivalent of the MMC-based tool of the same essential metrics of such an environment, which
name. It allows for the management of a server Admin Center can manage and monitor, but cannot
group’s resources such as disks, networks, cluster set up.
nodes, roles, VM, and vSwitches.

The Windows Admin Center modules


(Windows-Admin-Center-Komponenten.png)
thomas-krenn.com | 7

In addition to these four modules and the functions Currently, there are mainly extensions from
they contain, Admin Center has a mechanism for hardware manufacturers that allow users to
adding extensions. It allows Microsoft or third-party monitor servers or storage systems.
vendors to mount their tools in the web console.

5. Installation and operation


Installation is surprisingly simple: If you expected versions 2016 and newer.
that you would have to activate and configure the Since Preview 1802, a high-availability deployment
Internet Information Services (IIS) first, you will in a failover cluster is also planned.
be pleasantly surprised. The software comes with The web tools can be installed on Windows Server
its own web server, which is established with the 2016 and 2019 as well as on Windows 10. Older
setup. versions of the server OS from 2012 are also
The whole process entails opening the MSI installer supported but will require a current version of
and navigating three dialog boxes for essential the Windows Management Framework. A limited
settings. It supports Windows 10 x64 and Server number of features function with Server 2008 R2.

To install Admin Center, you need at least Windows 10 or Server 2016 or 2019 (windows-admin-center-server-2012r2-setup.png).
thomas-krenn.com | 8

A specific feature of installing WAC on Windows be established with this server in order to use it as
Server is that you can upload or create an SSL a gateway for the management of other machines.
certificate. This allows secure HTTPS connections to

When WAC is installed on a Windows server, it serves as a gateway to manage other resources. Source: Microsoft
(Admin-Center-Architektur.png)

However, this does not work if you install the web a gateway.
tools on a client PC running Windows 10. As a result, rights management is also not available
In this case, you can only manage remote systems in this case.
from this particular machine – it cannot be used as

Management via PowerShell, WMI and WinRM


There is no need to install any software on the be activated and the firewall configured accordingly.
managed computers. Communication from the
gateway machine running the management tools This is the default setting with Windows servers
to the managed servers in the background is since version 2012. If the target systems are
performed via Remote PowerShell and WMI over members of a workgroup, you must first add them
WinRM. Therefore, as with PowerShell, WinRM must to the TrustedHosts list.
thomas-krenn.com | 9

With Windows Admin Center, servers can be managed from version 2012 and newer while limited support is available for Server
2008 R2 since version 1806. (windows-admin-center-server-2012r2.png)

Supported web browsers


A major advantage of web-based consoles is that While Windows Admin Center will run on Firefox,
you can manage systems from any device that the manufacturer does not support it and it cannot
has a modern browser. However, Microsoft only be run on IE.
supports Google Chrome and Edge on Windows 10
currently.

IE – the only browser natively available under Windows Server – is not supported (Windows-Admin-Center-IE11.png)
thomas-krenn.com | 10

This results in the paradoxical situation where the server console as it has neither of the two required
new admin tools cannot be used with the default browsers.

Integration with Azure


Although Admin Center is a pure on-premises addition to local servers.
solution, Microsoft is positioning it as a hybrid cloud For this purpose, Admin Center has been supporting
management tool. This means that Windows Azure AD authentication since Preview 1803.
servers in an Azure VM can also be managed in

Access rights to the gateway can also be configured for Azure AD users. (windows-admin-center-azure-ad.png)

Installing Windows Admin Center on Server Core


The browser-based management GUI for Windows Here, you must provide the essential parameters
does not require a server with an installed desktop when using the msiexec function. It is important to
experience – it can also be set up on Core. In this note that, under PowerShell, the installer expects
case, starting a silent installation right from the the absolute file path to the MSI package.
command line is the way to go. This option also Further parameters include the port for connecting
works, of course, on a server with a GUI. to Admin Center and the selection of the certificate:
Usually, Windows servers nowadays run in a VM,
so you have to transfer the MSI package there first. msiexec /i C:\Users\me\WindowsAdminCenter1804.
For this task, we recommend the PowerShell Copy- msi /qn /L*v log.txt SME_PORT=443 SSL_
VMFile cmdlet on Hyper-V. After the successful CERTIFICATE_OPTION=generate
transfer, you can start the installation process on
the Server Core command line.
thomas-krenn.com | 11

Installing Windows Admin Center from the command line (windows-admin-center-install-cli.png)

In this example, Admin Center would use the that already exists on the computer, you have to
default SSL port (443) and generate a certificate specify it instead.
itself during setup. If you want to use a certificate

SSL_CERTIFICATE_OPTION=generate
or for existing certificates:
SME_THUMBPRINT=<thumbprint> SSL_CERTIFICATE_OPTION=installed

If you want to remove Admin Center, you will need to use msiexec again:
msiexec /x C:\Users\me\WindowsAdminCenter1804.msi

Uninstalling Windows Admin Center from the command line (windows-admin-center-uninstall-cli.png)

A confirmation window will appear as the final step for removing the software.

6. Setting access rights via roles


Web-based tools, such as Admin Center (WAC), are Administration”) that grants non-administrators
particularly useful for delegating tasks to standard the necessary rights.
users. In such cases, however, it is important to limit On this point, Windows Admin Center represents
their rights to what is strictly necessary. For this, a clear advance over the traditional tools based
WAC has a role concept based on JEA (“Just Enough primarily on the MMC.
thomas-krenn.com | 12

These older tools do not allow a granular allocation Rights Management controls both access to the
of permissions. gateway itself and the managed endpoints.
WAC, on the other hand, has role-based permission
management from the outset. However, this is only
available if WAC was installed in gateway mode on
a Windows server.

Controlling access to the gateway


By default, only users with administrative rights can the settings, which can be accessed via the gear
connect to the gateway. Other accounts must first symbol in the top right-hand corner.
be explicitly added, although direct assignment of However, the Gateway section is only visible if you
individual users to roles is not possible. Rather, the open Admin Center from a Windows session where
tool only allows local or AD groups. you are logged in as an administrative user.
Admin Center provides two roles for controlling The Access side tab opens a page on which you
access to the gateway: gateway administrators can assign rights to normal users using the “+ Add”
and gateway users. The latter are not allowed to button under Allowed Groups. Enter the name of
change any settings for the gateway and have no the group in the respective field. An Active Directory
access to rights management. search is not possible, so you have to type in the full
name manually.
The assignment of roles to user groups is done in

Granting gateway access for user groups (Windows-Admin-Center-Gateway-Benutzer.png)


thomas-krenn.com | 13

Please note that the mere name of the group is In addition to selecting the role, the user group can
sufficient if it is located in the same domain as be assigned to the smart card security group, which
the gateway server. A notation according to the forces users to log on using a smart card.
domain\group pattern is therefore not required.

Roles for the management of target systems


When an account is granted access to the gateway, allow access to the managed endpoints.
it is not automatically granted permissions for These are:
machines that are to be managed via Admin Center. • Windows Admin Center Administrators
To do that, users need administrative rights on each • Windows Admin Center Hyper-V
endpoint. Administrators
By default, only those users whose account is a • Windows Admin Center Readers
member of the local administrators group on each
target machine can manage computers through Administrators can use most Admin Center
WAC. tools and features, though Remote Desktop and
However, Admin Center comes with three predefined PowerShell remain hidden and the settings for a
roles, which can also be used by standard users to machine cannot be opened.

Accessing Admin Center with restricted permissions (Windows-Admin-Center-Rollen-Hyper-Admins-Zugriff.png)


thomas-krenn.com | 14

As the name suggests, Hyper-V Administrators all three groups are not permitted to make Remote
are limited to managing the hypervisor and virtual Desktop connections, Hyper-V Admins cannot view
machines, and Readers get read-only access. Since VM consoles in WAC.

Activating access controls, assigning roles


To be able to use these user roles, you need to This action configures the server as an endpoint
enable role-based access control in the settings of for JEA and downloads the PowerShell modules
each target computer. required by WAC to the machine.

Activating role-based access control (Windows-Admin-Center-Rollenbasierte-Zugriffsteuerung.png)

In addition, three local groups are created whose add them to these newly created local groups.
names are identical to those of the roles. To assign This task can be automated through group policies.
users or groups with the permissions of these roles,
thomas-krenn.com | 15

Benutzer zu den Gruppen für das Admin Center hinzufügen (Windows-Admin-Center-Rollen-Hyper-Admins.png)

In larger environments, this interactive configuration The detour with the local groups can be avoided by
of endpoints is not practical. In such cases, you can adapting the JEA files accordingly and assigning the
download the entire package, consisting of the JEA roles directly to an AD group. The exact procedure is
and DSC files and the PowerShell modules, and described in this documentation.
distribute it to the target machines via the preferred
mechanism.

Rudimentary role concept limits delegation options


Building on WMI, WinRM and PowerShell, permissions. For instance, Hyper-V Administrators
Admin Center takes advantage of Just Enough are not only delegated the management of certain
Administration to give users the rights they need to VMs; they are also able to edit or delete vSwitches.
manage certain machines, regardless of their other
privileges. The biggest drawback of role-based access control
However, this mechanism is currently limited to in Admin Center is that you cannot currently define
three roles – allowing only a very rough allocation of your own roles and assign granular rights to them.
thomas-krenn.com | 16

7. Installing the Hyper-V role and configuring the host


Hyper-V is one of the few components that can be Manager and Hyper-V Manager.
administered almost completely via the browser Once you have added the server to the list of
in Admin Center. This applies both to adding the managed computers, you can use the WAC gateway
Hyper-V role and the subsequent adjustment of the to start the necessary actions. The endpoint does
settings. When using the traditional GUI tools for not require any software, such as an agent.
this, you would need two of them: namely, Server

Adding roles
The first step is to select the menu item Role & on the plus symbol (“Install” button).
Features from the navigation bar. In the list that Since the installation of Hyper-V requires a restart,
appears, select Hyper-V and add the role by clicking you can also enable the automatic restart option.

Installing the Hyper-V role via WAC (Windows-Admin-Center-Hyper-V-Rolle-installieren.png)

As soon as the server is available again, you can left navigation bar.
start configuring the most important parameters. The page currently displays five menu items in the
This is done under Settings, the bottom entry in the Hyper-V Host Settings section.
thomas-krenn.com | 17

Settings for Hyper-V in Admin Center and Hyper-V Manager (Windows-Admin-Center-Hyper-V-Manager-Host-Einstellungen.png)

They largely correspond to those in Hyper-V networks. Also missing are the configurations for
Manager, except that the paths for VMs and virtual Hyper-V replica and the virtualization of GPUs on RD
drives are grouped under “General” up virtual Virtualization Hosts.

Creating a vSwitch
Before you can start setting up virtual machines on and set. For this task, there is a separate entry in the
the host, you need to create one or more vSwitches Admin Center navigation bar called Virtual Switches.

Creating a virtual switch for Hyper-V in Admin Center (Windows-Admin-Center-Hyper-V-vSwitch.png)


thomas-krenn.com | 18

When creating a new switch, you can only specify Other options, such as adding a description, only
its name and select the type (external, internal, become available when you save the new vSwitch
private). If you choose “external”, the tool displays and then edit its settings. In contrast to Hyper
the available NICs to which you can bind the V-Manager, you cannot assign a VLAN ID for the
vSwitch. network of the management operating system.

Strengths and weaknesses of WAC


for Hyper-V management
If you follow the previously described instructions and slower than the MMC-based tools.
through to the operational Hyper-V host, the Moreover, some settings are missing – though they
question arises as to the advantage of using Admin tend to be ones that are rarely used. Instead, WAC
Center for this task. offers a dashboard that presents a host’s most
The web console’s reactions are noticeably rougher important metrics and log entries in a clear way.

WAC dashboard for monitoring Hyper-V (Windows-Admin-Center-Hyper-V-Virtuelle-Computer-Dashboard.png)

Scenarios are also conceivable in which the WAC the management of Hyper-V servers from outside
gateway is placed in the DMZ – thereby enabling the corporate network.
thomas-krenn.com | 19

However, admins who manage their environment likely stick with the conventional tools.
from a Windows workstation in the LAN will most

8. Creating and configuring virtual machines


So, while there are hardly any occasions to set up In addition, integration with cloud services such as
and configure hosts via the browser tools, WAC Azure Site Recovery or Azure Update Management
offers some real advantages when managing VMs. makes it easy to back up VMs and update guest
In hybrid environments, it can be used to administer operating systems.
both Hyper-V and Azure VMs from a single console.

Creating a new VM
While creating a new virtual machine in Hyper-V There you click on the “+ New” button and enter
Manager is done using a wizard, WAC uses a single the required data for the new VM. These include the
web form for the task. This can be opened by name of the VM, the drive and directory where the
following the Virtual Machines link in the navigation VM is to be stored, the number of virtual CPUs and
and then switching to the Inventory tab page. the amount of memory.

Creating a new virtual machine (Windows-Admin-Center-Hyper-V-Neue-VM.png)


thomas-krenn.com | 20

Here, you can also select the VM generation (1 or 2), It should be noted that, as a rule, mounting an ISO
the network and an existing drive under “Memory file from a network share does not work. The reason
=> Add drive” if you don't want to create a new one. for this is that the credentials used to log on to the
In addition, the VM can be immediately assigned Hyper-V host are not passed on to the computer
an ISO image as a virtual DVD drive to install the on which the file share is located. In this case, you
guest OS. need to set up a Kerberos delegation first.

Installing the guest OS


Before starting the VM, you should check your Settings.
settings to ensure that the DVD is first in the boot On the resulting page, select “Boot order”. With
order. To do this, select the VM on the overview the help of the arrow symbols, you can change the
page, open the “More” drop-down menu and select position of the entries.

Changing the boot order in the settings of a VM (Windows-Admin-Center-Hyper-V-VM-Startreihenfolge.png)

In Hyper-V Manager, you would connect to the VM same, except that you have to turn on the VM
at this point and then start it. Once the appropriate before connecting to it. To do this, you open the
message is displayed, you would press a button to “More” drop-down menu and select “Connect”.
start the VM from the virtual DVD drive. This will start the RDP web client, provided you have
In Admin Center the procedure is basically the previously enabled the Remote Desktop feature on
thomas-krenn.com | 21

the host. This means you have no opportunity to press a


Note: The current official WAC release 1809 is button to boot from DVD.
suffering from a serious bug that prevents it from Using “Send CTRL+ALT+DEL”, however, you can
connecting through the RDP web client. This is fixed restart the VM. Once you have done this, you should
in preview version 1809.5. immediately press a key while the browser window
However, you will notice that connecting via the is still white instead of waiting for an on-screen
web client now takes so long that the VM attempts prompt.
to boot from the network via PXE.

After connecting to the VM, you have to restart it via “Send Ctrl + Alt + Del” (Windows-Admin-Center-Hyper-V-VM-Boot-Fehler.png)

An alternative is to download the .rdp file, which is This variant also requires a restart of the VM while
available in the same menu when the VM is running. the RDP client is open (via More => Reset).
In this case, you would connect via the native RDP With this option, however, one breaks away from
client. the purely web-based approach and thereby
negates one of the main advantages of WAC.
thomas-krenn.com | 22

Installation des Gast-OS über den integrierten RDP-Web-Client (Windows-Admin-Center-Hyper-V-VM-RDP-Installation.png)

From here, the interactive installation of the guest response behavior is completely satisfactory.
OS progresses as normal and the RDP web client’s

Subsequently changing VM settings


When creating a new VM through Admin Center, soon as you have saved the VM.
the web form only allows you to configure the most Similar to Hyper-V Manager, not all parameters can
important settings. All others can be changed as be edited when the VM is running.

Settings for VMs in WAC versus Hyper-


V-Manager (Windows-Admin- Center-
Hyper-V-VM-Einstellungen.png)
thomas-krenn.com | 23

If you open the page under More => Settings, you Management under Networks.
will find a list with eight categories, ranging from One of the most common tasks in VM management
General and Memory to Networks and Checkpoints. is changing the operating state, i.e. starting,
This largely corresponds to what Hyper-V Manager stopping, shutting down the guest, or turning it off.
offers. However, in some categories individual All of these actions can be performed through the
settings are missing – such as Bandwidth browser interface.

Starting, stopping and shutting down VMs via Admin Center (Windows-Admin-Center-Hyper-V-VM-Betriebszustand.png)

Creating and managing snapshots


Admin Center can also be used to create and command from the “More” drop-down menu.
manage checkpoints. The type (production vs. This opens a dialog in which you can enter a name
standard), as well as the storage location, can for the checkpoint. If this is left empty, the system
be defined in the mentioned settings, where the will assign a designation based on the date and
feature can also be deactivated. time.
To create a snapshot, you can use the corresponding

Creating a checkpoint for a VM in Admin Center (Windows-Admin-Center-Hyper-V-VM-Snapshot-anlegen.png)


thomas-krenn.com | 24

The snapshots cannot be managed from the the Checkpoints section, you can then apply, delete,
context of the Inventory list, but rather by following or rename snapshots.
the link that is attached to the name of the VM. In

Managing VM snapshots (Windows-Admin-Center-Hyper-V-VM-Snapshot-verwalten.png)

On this page, Admin Center also provides an WAC is therefore better suited for monitoring VMs
overview of the VM’s most important performance than Hyper-V Manager.
data, which is also displayed as live charts.

9. Activating Remote Desktop


and starting it in the browser
In general, administrative remote access to the WAC has a unique feature among the Microsoft
Windows Server console is losing relevance. tools with the web client for Remote Desktop. This
However, since Admin Center cannot yet replace not only allows you to open a complete desktop,
the conventional GUI tools, it attempts to close the but also individual programs as RemoteApps – such
gaps by connecting to a managed server via RDP as MMC-based tools.
and performs tasks there with conventional tools.

Server Manager in Admin Center’s


Remote Desktop client (admin-
center-remotedesktop.png)
thomas-krenn.com | 25

If you select the menu item Remote Desktop from display a button that opens the corresponding
the WAC navigation bar, the tool will indicate if the settings.
feature is not active on the target computer and

Admin Center will notify you that Remote Desktop is not enabled on the target machine and will offer to turn it on. (admin-center-remotedesktop-
deaktiviert.png)

Here, you can activate Remote Desktop on the to only allow computers with network-level
remote computer and activate the security option authentication.

Activating Remote Desktop in Admin Center (admin-center-remotedesktop-aktivieren.png)


thomas-krenn.com | 26

Error when activating firewall rules


As soon as you attempt to save this setting, WAC operation runs into a translation-related error on
tries to activate the firewall rules responsible German machines.
for Remote Desktop on the server. However, the

Admin Center cannot activate the firewall rules for Remote Desktop on a German Windows machine.
(admin-center-remotedesktop-aktivieren-firewall-fehler.png)

In this case, you have to change the settings By entering “Remote Desktop” in the search box,
manually by switching to Firewall in the navigation you can find the rules that apply to it and activate
bar and then to the tab Incoming rules. them manually.

Manually enabling firewall rules for Remote Desktop (admin-center-remotedesktop-aktivieren-firewall-regel-aktivieren)


thomas-krenn.com | 27

Tools as RemoteApp
Now, nothing should stand in the way of item called RemoteApp (it’s a known problem that
establishing a Remote Desktop connection. The it sometimes doesn’t appear in the list.
connection will show the complete desktop of the If it isn’t displayed, you have to adjust the URL
server. Alternatively, Admin Center offers the option manually as shown in the screenshot below). Here
to activate the RemoteApp tool when activating you can enter individual applications that you want
Remote Desktop access (see screenshot above). to access this way – for instance, MMC-based or
After reloading the page in the browser, the Admin other GUI tools.
Center navigation bar should contain another menu

Adding a program as a RemoteApp to Admin Center (admin-center-remoteapp.png)

Overall, the load times of the web-based RDP sporadically resort to this option.
client are relatively long, so you will probably only

10. Copying files to a Windows server


If you want to transfer files to a server – for On Server Core, however, Remote Desktop is usually
instance, to install or configure software – Windows deactivated, so that this option is not available
Admin Center provides a browser-based alternative there.
to the known methods. In addition to uploading In this case, another option is offered by PowerShell,
and downloading, the tool also supports other file which added the two new parameters ToSession
operations. and FromSession to the Copy-Item cmdlet in
If you need to upload files to a server as an version 5. But to do that, you first have to set up a
administrator and that server has no shares, the remote session to the target machine.
usual method is to copy them via an RDP connection.
thomas-krenn.com | 28

Files tool in Admin Center


The latest option for transferring files to a server managed via the gateway mode can be addressed
comes from Windows Admin Center. If you’re so that no share or Remote Desktop has to be
managing servers with this tool anyway, then it configured or installed on the target computers.
only makes sense to perform file transfers this way The corresponding function can be found under the
as well. menu item Files. Here, you can navigate through
Using WAC here offers several advantages. First, the file system of the remote computer and select
it is a browser-based tool that provides a GUI for the destination directory for the copy operation.
file operations even if the target is a Server Core While the Download button is located directly in
machine. On the other hand, all computers that are the menu bar, Upload is hidden under More.

Uploading files in Windows Admin Center (windows-admin-center-file-upload.png)

As you will quickly notice, this method also has a per operation and can’t transfer entire folders.
drawback. It only allows the copying of a single file

When uploading ZIP archives, you can


have them unzipped automatically.
(windows-admin-center-dateien-upload-
zip.png)
thomas-krenn.com | 29

If you upload a ZIP file, you can unzip it automa- under Share, which opens a relatively simple dialog
tically. To do this, activate the option “Extract file box.
after upload”. Alternatively, you can use the Extract Once more, it is quickly apparent that Admin Center
command from the More menu. is relatively poorly equipped compared to the native
In addition to transferring files, this tool also allows Windows tools. If you want to share a directory not
you to delete and rename files as well as create only via SMB, but perhaps also via NFS or configure
folders. Since version 1807, the module can also features like SMB encryption, quotas or offline files,
share files and folders in the network. The new you will still need to use Server Manager.
function is hidden in the More drop-down menu

11. Summary
With Windows Admin Center, Microsoft is following interface does not yet exist.
an industry-wide trend toward web-based admin In addition, the rudimentary role concept does not
consoles. This results in significant advantages for allow for the granular delegation of tasks.
users, such as platform independence on the client, What’s clear is that Microsoft is continually
the easier delegation of tasks to standard users developing Admin Center and providing new
and the management of private and public cloud releases at quick intervals. However, there is no
resources via a single interface. explicit roadmap as to when and whether the web-
At the moment, Admin Center only scratches the based tools will cover further roles and features of
surface of what is possible here as it only supports Windows Server – particularly the management of
Google Chrome and Microsoft Edge on Windows 10 Active Directory or Remote Desktop Services.
at the frontend while a mobile version of the web
thomas-krenn.com | 30

Microsoft promotes Admin Center each time Server Manager starts in Windows Server 2019.
(Windows-Admin-Center-Hinweis-Server-Manager.png)

Currently, WAC can only replace RSAT in a few areas. Another positive aspect is the advanced integration
At the same time, it provides a GUI for Windows of Azure services, which are foreign to MMC-based
Server features that cannot be managed with RSAT. tools. So, if you don’t want to limit yourself to
This includes hyper-convergent infrastructures and PowerShell, you will have to get used to the idea of
new Windows Server 2019 features such as System using both RSAT and WAC over the longer term.
Insights and Storage Migration Services.
Thomas-Krenn.AG
Speltenbach-Steinäcker 1
D-94078 Freyung
thomas-krenn.com

You might also like