16/19

Managing Windows Server

with Windows Admin Center
Table of contents
1. Why browser-based admin tools? 3|

2. Admin Center versus existing tools 4|

3. WAC not yet a replacement for RSAT 5|

4. Components of Windows Admin Center 6|

5. Installation and operation 7|

Management via PowerShell, WMI and WinRM
Supported web browsers
Integration with Azure
Installing Windows Admin Center on Server Core

6. Setting access rights via roles 11|

Controlling access to the gateway
Roles for the management of target systems
Activating access controls, assigning roles
Rudimentary role concept limits delegation options

7. Installing the Hyper-V role and configuring the host 16|

Adding roles
Creating a vSwitch
Strengths and weaknesses of WAC for Hyper-V management

8. Creating and configuring virtual machines 19|

Creating a new VM
Installing the guest OS
Subsequently changing VM settings
Creating and managing snapshots

9. Activating Remote Desktop and starting it in the browser 24|

Error when activating firewall rules
Tools as RemoteApp

10. Copying files to a Windows server 27|

Files tool in Admin Center

11. Summary 29|


Managing Windows Server 2016/2019 with
Windows Admin Center
With Windows Admin Center (WAC), Microsoft
is joining the industry trend towards web-based
management tools – though somewhat later
than most. While still a long way from its final
release stage, the manufacturer recommends it
for managing Windows Server 2019. Admins must
therefore expect to juggle a range of different tools
for the Microsoft platform over an extended period.
1. Why browser-based admin tools?
The main advantage of web-based admin tools is
clear: They do not require the installation of software
on the end device and can run on practically any
device with a modern browser installed. This is a
particular strength when administrative tasks are
to be delegated to standard users in specialist
departments.
For such scenarios, it should be possible to reduce the
web interface to the required functions. However,
this requires a role concept that allows flexible
customization of the GUI and can also be used to
control the permissions of the respective users. A
separate section in this text therefore examines the
question of which options Admin Center currently
thomas-krenn.com | 3
Admin Center is Microsoft’s second attempt to
develop web-based tools for the management of
Windows servers. It’s first was Server Management
Tools (SMT) – an Azure service that was discontinued
in mid-2017. WAC, on the other hand, is a pure on-
premises solution that users install on their own
computers.
offers for assigning access rights.
Finally, browser-based tools are an advantage
when hybrid environments consisting of local and
cloud-based resources are to be managed via a
single interface. Services in the public cloud are
inherently designed for management via web APIs.
One argument against browser consoles for a
long time was the poor usability of web interfaces.
Today’s web technologies, however, allow the
development of interfaces that are on a par with
their desktop counterparts in terms of convenience.
Windows Admin Center has a modern web GUI that
provides dynamically updated performance charts.

WAC uses a modern web interface that displays important indicators in live charts.
(Windows-Admin-Center-Leistungsindikatoren.png)
2. Admin Center versus existing tools
In addition to WAC, which appeared in its first official
version in Q2 2018 with Windows Server 1803,
Microsoft has a broad portfolio of management
tools. These include Remote Server Administration
Tools (RSAT), System Center products and the SaaS
tool Intune.
Admin Center has very little overlap with the
heavyweight tools of the System Center family.
Products such as the Configuration-, Operations-
or Service Manager cover tasks for which Admin
Center is not intended. Functional overlaps exist
with the not too popular Virtual Machine Manager
(SCVMM). Incidentally, a “webification” of System
Center is still largely pending.
There is similarly little competition with Intune,
thomas-krenn.com | 4
whose focus is on Unified Endpoint Management.
With the recent introduction of the ability to
distribute Win32 applications, cloud-based
software is increasingly entering System Center
Configuration Manager (SCCM) territory.
By contrast, Admin Center is to be seen as an
alternative to RSAT, which it will probably replace
in the long run. As the example of vSphere shows,
porting complex tools from the desktop to the
browser can take a long time. However, VMware
recently completed this transition after developing
a Flash-based web client. Microsoft is still at the
beginning of this process with WAC.
 thomas-krenn.com | 5

3. WAC not yet a replacement for RSAT

Admin Center, like RSAT, is primarily used to manage
roles and features provided by Windows Server.
Unlike VMware, which equipped the vSphere web
client with the functions of the native Windows
client, the relationship between RSAT and WAC is
more complicated.
Admin Center does not nearly have all the functions
of RSAT at this point, yet it already offers exclusive
features for managing Windows Server 2019.
For instance, if you don’t want to forgo a graphical
admin UI for certain aspects of the current server
operating system (e.g. storage migration services
or system insights), then you’ll need to use WAC.

Only WAC provides a GUI for capacity planning with system insights. (Windows-Admin-Center-System-Insights.png)

The functionality of Admin Center in relation to RSAT can be categorized as follows:

WAC has features that are:

• Incomplete compared to the Microsoft Management Console (MMC) tools. This applies
to most components.

• Largely feature-complete. This applies, for example, to the management of Hyper-V.

A separate section below shows how WAC manages such a relatively complex system
component.
 thomas-krenn.com | 6

• Unique and not present in RSAT, such as Storage Spaces Direct monitoring. This also
includes useful little helpers like an RDP web client and a file upload service, which are
also covered here.

• Missing completely. This applies to important services such as Active Directory, DHCP,
DNS and Remote Desktop Services.

There is no exact timetable as to when which Term Servicing channel.

functions will be added. However, Microsoft is Due to the fast update cycles, Admin Center is
publishing previews of WAC in relatively short not yet included in the scope of delivery for the
intervals and has so far released an official version operating system.
for each server release in the Semi-Annual or Long-

4. Components of Windows Admin Center

WAC consists of four components:
Server Manager: This includes functions to manage
the (as of now supported) roles and features of
Windows Server. In contrast to the tool of the same
name in RSAT, which was given the capability for
multi-server management in version 2012, only
individual computers can be managed with WAC.
Computer Management: This is used to manage
Windows 10 PCs. Its functions largely overlap with
those of the MMC program of the same name.
Failover Cluster Manager: At first glance, this is the
web equivalent of the MMC-based tool of the same
name. It allows for the management of a server
group’s resources such as disks, networks, cluster
nodes, roles, VM, and vSwitches.
It can also be used to control Cluster-Aware
Updating. The web variant, however, is not yet able
to set up failover clusters; for this, you still have to
fall back on the classic tools.
Hyper-Converged Cluster Manager: Windows
clusters running virtual machines and
simultaneously providing software-defined storage
with Storage Spaces Direct could initially only be
managed through PowerShell. WAC is currently
the only graphical management tool for these
configurations. Its dashboard provides all the
essential metrics of such an environment, which
Admin Center can manage and monitor, but cannot
set up.

The Windows Admin Center modules

(Windows-Admin-Center-Komponenten.png)

In addition to these four modules and the functions
they contain, Admin Center has a mechanism for
adding extensions. It allows Microsoft or third-party
vendors to mount their tools in the web console.
5. Installation and operation
Installation is surprisingly simple: If you expected
that you would have to activate and configure the
Internet Information Services (IIS) first, you will
be pleasantly surprised. The software comes with
its own web server, which is established with the
setup.
The whole process entails opening the MSI installer
and navigating three dialog boxes for essential
settings. It supports Windows 10 x64 and Server
To install Admin Center, you need at least Windows 10 or Server 2016 or 2019 (windows-admin-center-server-2012r2-setup.png).
thomas-krenn.com | 7
Currently, there are mainly extensions from
hardware manufacturers that allow users to
monitor servers or storage systems.
versions 2016 and newer.
Since Preview 1802, a high-availability deployment
in a failover cluster is also planned.
The web tools can be installed on Windows Server
2016 and 2019 as well as on Windows 10. Older
versions of the server OS from 2012 are also
supported but will require a current version of
the Windows Management Framework. A limited
number of features function with Server 2008 R2.

A specific feature of installing WAC on Windows
Server is that you can upload or create an SSL
certificate. This allows secure HTTPS connections to
When WAC is installed on a Windows server, it serves as a gateway to manage other resources. Source: Microsoft
(Admin-Center-Architektur.png)
However, this does not work if you install the web
tools on a client PC running Windows 10.
In this case, you can only manage remote systems
from this particular machine – it cannot be used as
Management via PowerShell, WMI and WinRM
There is no need to install any software on the
managed computers. Communication from the
gateway machine running the management tools
to the managed servers in the background is
performed via Remote PowerShell and WMI over
WinRM. Therefore, as with PowerShell, WinRM must
thomas-krenn.com | 8
be established with this server in order to use it as
a gateway for the management of other machines.
a gateway.
As a result, rights management is also not available
in this case.
be activated and the firewall configured accordingly.
This is the default setting with Windows servers
since version 2012. If the target systems are
members of a workgroup, you must first add them
to the TrustedHosts list.
 thomas-krenn.com | 9

With Windows Admin Center, servers can be managed from version 2012 and newer while limited support is available for Server
2008 R2 since version 1806. (windows-admin-center-server-2012r2.png)

Supported web browsers

A major advantage of web-based consoles is that
you can manage systems from any device that
has a modern browser. However, Microsoft only
supports Google Chrome and Edge on Windows 10
currently.
While Windows Admin Center will run on Firefox,
the manufacturer does not support it and it cannot
be run on IE.

IE – the only browser natively available under Windows Server – is not supported (Windows-Admin-Center-IE11.png)

This results in the paradoxical situation where the
new admin tools cannot be used with the default
Integration with Azure
Although Admin Center is a pure on-premises
solution, Microsoft is positioning it as a hybrid cloud
management tool. This means that Windows
servers in an Azure VM can also be managed in
Access rights to the gateway can also be configured for Azure AD users. (windows-admin-center-azure-ad.png)
Installing Windows Admin Center on Server Core
The browser-based management GUI for Windows
does not require a server with an installed desktop
experience – it can also be set up on Core. In this
case, starting a silent installation right from the
command line is the way to go. This option also
works, of course, on a server with a GUI.
Usually, Windows servers nowadays run in a VM,
so you have to transfer the MSI package there first.
For this task, we recommend the PowerShell Copy-
VMFile cmdlet on Hyper-V. After the successful
transfer, you can start the installation process on
the Server Core command line.
thomas-krenn.com | 10
server console as it has neither of the two required
browsers.
addition to local servers.
For this purpose, Admin Center has been supporting
Azure AD authentication since Preview 1803.
Here, you must provide the essential parameters
when using the msiexec function. It is important to
note that, under PowerShell, the installer expects
the absolute file path to the MSI package.
Further parameters include the port for connecting
to Admin Center and the selection of the certificate:
msiexec /i C:\Users\me\WindowsAdminCenter1804.
msi /qn /L*v log.txt SME_PORT=443 SSL_
CERTIFICATE_OPTION=generate
 thomas-krenn.com | 11

Installing Windows Admin Center from the command line (windows-admin-center-install-cli.png)

In this example, Admin Center would use the that already exists on the computer, you have to
default SSL port (443) and generate a certificate specify it instead.
itself during setup. If you want to use a certificate

SSL_CERTIFICATE_OPTION=generate
or for existing certificates:
SME_THUMBPRINT=<thumbprint> SSL_CERTIFICATE_OPTION=installed

If you want to remove Admin Center, you will need to use msiexec again:
msiexec /x C:\Users\me\WindowsAdminCenter1804.msi

Uninstalling Windows Admin Center from the command line (windows-admin-center-uninstall-cli.png)

A confirmation window will appear as the final step for removing the software.

6. Setting access rights via roles

Web-based tools, such as Admin Center (WAC), are
particularly useful for delegating tasks to standard
users. In such cases, however, it is important to limit
their rights to what is strictly necessary. For this,
WAC has a role concept based on JEA (“Just Enough
Administration”) that grants non-administrators
the necessary rights.
On this point, Windows Admin Center represents
a clear advance over the traditional tools based
primarily on the MMC.

These older tools do not allow a granular allocation
of permissions.
WAC, on the other hand, has role-based permission
management from the outset. However, this is only
available if WAC was installed in gateway mode on
a Windows server.
Controlling access to the gateway
By default, only users with administrative rights can
connect to the gateway. Other accounts must first
be explicitly added, although direct assignment of
individual users to roles is not possible. Rather, the
tool only allows local or AD groups.
Admin Center provides two roles for controlling
access to the gateway: gateway administrators
and gateway users. The latter are not allowed to
change any settings for the gateway and have no
access to rights management.
The assignment of roles to user groups is done in
Granting gateway access for user groups (Windows-Admin-Center-Gateway-Benutzer.png)
thomas-krenn.com | 12
Rights Management controls both access to the
gateway itself and the managed endpoints.
the settings, which can be accessed via the gear
symbol in the top right-hand corner.
However, the Gateway section is only visible if you
open Admin Center from a Windows session where
you are logged in as an administrative user.
The Access side tab opens a page on which you
can assign rights to normal users using the “+ Add”
button under Allowed Groups. Enter the name of
the group in the respective field. An Active Directory
search is not possible, so you have to type in the full
name manually.

Please note that the mere name of the group is
sufficient if it is located in the same domain as
the gateway server. A notation according to the
domain\group pattern is therefore not required.
Roles for the management of target systems
When an account is granted access to the gateway,
it is not automatically granted permissions for
machines that are to be managed via Admin Center.
To do that, users need administrative rights on each
endpoint.
By default, only those users whose account is a
member of the local administrators group on each
target machine can manage computers through
WAC.
However, Admin Center comes with three predefined
roles, which can also be used by standard users to
Accessing Admin Center with restricted permissions (Windows-Admin-Center-Rollen-Hyper-Admins-Zugriff.png)
thomas-krenn.com | 13
In addition to selecting the role, the user group can
be assigned to the smart card security group, which
forces users to log on using a smart card.
allow access to the managed endpoints.
These are:
• Windows Admin Center Administrators
• Windows Admin Center Hyper-V
Administrators
• Windows Admin Center Readers
Administrators can use most Admin Center
tools and features, though Remote Desktop and
PowerShell remain hidden and the settings for a
machine cannot be opened.
 thomas-krenn.com | 14

As the name suggests, Hyper-V Administrators all three groups are not permitted to make Remote
are limited to managing the hypervisor and virtual Desktop connections, Hyper-V Admins cannot view
machines, and Readers get read-only access. Since VM consoles in WAC.

Activating access controls, assigning roles

To be able to use these user roles, you need to This action configures the server as an endpoint
enable role-based access control in the settings of for JEA and downloads the PowerShell modules
each target computer. required by WAC to the machine.

Activating role-based access control (Windows-Admin-Center-Rollenbasierte-Zugriffsteuerung.png)

In addition, three local groups are created whose add them to these newly created local groups.
names are identical to those of the roles. To assign This task can be automated through group policies.
users or groups with the permissions of these roles,

Benutzer zu den Gruppen für das Admin Center hinzufügen (Windows-Admin-Center-Rollen-Hyper-Admins.png)
In larger environments, this interactive configuration
of endpoints is not practical. In such cases, you can
download the entire package, consisting of the JEA
and DSC files and the PowerShell modules, and
distribute it to the target machines via the preferred
mechanism.
Rudimentary role concept limits delegation options
Building on WMI, WinRM and PowerShell,
Admin Center takes advantage of Just Enough
Administration to give users the rights they need to
manage certain machines, regardless of their other
privileges.
However, this mechanism is currently limited to
three roles – allowing only a very rough allocation of
thomas-krenn.com | 15
The detour with the local groups can be avoided by
adapting the JEA files accordingly and assigning the
roles directly to an AD group. The exact procedure is
described in this documentation.
permissions. For instance, Hyper-V Administrators
are not only delegated the management of certain
VMs; they are also able to edit or delete vSwitches.
The biggest drawback of role-based access control
in Admin Center is that you cannot currently define
your own roles and assign granular rights to them.

7. Installing the Hyper-V role and configuring the host
Hyper-V is one of the few components that can be
administered almost completely via the browser
in Admin Center. This applies both to adding the
Hyper-V role and the subsequent adjustment of the
settings. When using the traditional GUI tools for
this, you would need two of them: namely, Server
Adding roles
The first step is to select the menu item Role &
Features from the navigation bar. In the list that
appears, select Hyper-V and add the role by clicking
Installing the Hyper-V role via WAC (Windows-Admin-Center-Hyper-V-Rolle-installieren.png)
As soon as the server is available again, you can
start configuring the most important parameters.
This is done under Settings, the bottom entry in the
thomas-krenn.com | 16
Manager and Hyper-V Manager.
Once you have added the server to the list of
managed computers, you can use the WAC gateway
to start the necessary actions. The endpoint does
not require any software, such as an agent.
on the plus symbol (“Install” button).
Since the installation of Hyper-V requires a restart,
you can also enable the automatic restart option.
left navigation bar.
The page currently displays five menu items in the
Hyper-V Host Settings section.
 thomas-krenn.com | 17

Settings for Hyper-V in Admin Center and Hyper-V Manager (Windows-Admin-Center-Hyper-V-Manager-Host-Einstellungen.png)

They largely correspond to those in Hyper-V networks. Also missing are the configurations for
Manager, except that the paths for VMs and virtual Hyper-V replica and the virtualization of GPUs on RD
drives are grouped under “General” up virtual Virtualization Hosts.

Creating a vSwitch
Before you can start setting up virtual machines on and set. For this task, there is a separate entry in the
the host, you need to create one or more vSwitches Admin Center navigation bar called Virtual Switches.

Creating a virtual switch for Hyper-V in Admin Center (Windows-Admin-Center-Hyper-V-vSwitch.png)


When creating a new switch, you can only specify
its name and select the type (external, internal,
private). If you choose “external”, the tool displays
the available NICs to which you can bind the
vSwitch.
Strengths and weaknesses of WAC
for Hyper-V management
If you follow the previously described instructions
through to the operational Hyper-V host, the
question arises as to the advantage of using Admin
Center for this task.
The web console’s reactions are noticeably rougher
WAC dashboard for monitoring Hyper-V (Windows-Admin-Center-Hyper-V-Virtuelle-Computer-Dashboard.png)
Scenarios are also conceivable in which the WAC
gateway is placed in the DMZ – thereby enabling
thomas-krenn.com | 18
Other options, such as adding a description, only
become available when you save the new vSwitch
and then edit its settings. In contrast to Hyper
V-Manager, you cannot assign a VLAN ID for the
network of the management operating system.
and slower than the MMC-based tools.
Moreover, some settings are missing – though they
tend to be ones that are rarely used. Instead, WAC
offers a dashboard that presents a host’s most
important metrics and log entries in a clear way.
the management of Hyper-V servers from outside
the corporate network.

However, admins who manage their environment
from a Windows workstation in the LAN will most
8. Creating and configuring virtual machines
So, while there are hardly any occasions to set up
and configure hosts via the browser tools, WAC
offers some real advantages when managing VMs.
In hybrid environments, it can be used to administer
both Hyper-V and Azure VMs from a single console.
Creating a new VM
While creating a new virtual machine in Hyper-V
Manager is done using a wizard, WAC uses a single
web form for the task. This can be opened by
following the Virtual Machines link in the navigation
and then switching to the Inventory tab page.
Creating a new virtual machine (Windows-Admin-Center-Hyper-V-Neue-VM.png)
thomas-krenn.com | 19
likely stick with the conventional tools.
In addition, integration with cloud services such as
Azure Site Recovery or Azure Update Management
makes it easy to back up VMs and update guest
operating systems.
There you click on the “+ New” button and enter
the required data for the new VM. These include the
name of the VM, the drive and directory where the
VM is to be stored, the number of virtual CPUs and
the amount of memory.

Here, you can also select the VM generation (1 or 2),
the network and an existing drive under “Memory
=> Add drive” if you don't want to create a new one.
In addition, the VM can be immediately assigned
an ISO image as a virtual DVD drive to install the
guest OS.
Installing the guest OS
Before starting the VM, you should check your
settings to ensure that the DVD is first in the boot
order. To do this, select the VM on the overview
page, open the “More” drop-down menu and select
Changing the boot order in the settings of a VM (Windows-Admin-Center-Hyper-V-VM-Startreihenfolge.png)
In Hyper-V Manager, you would connect to the VM
at this point and then start it. Once the appropriate
message is displayed, you would press a button to
start the VM from the virtual DVD drive.
In Admin Center the procedure is basically the
thomas-krenn.com | 20
It should be noted that, as a rule, mounting an ISO
file from a network share does not work. The reason
for this is that the credentials used to log on to the
Hyper-V host are not passed on to the computer
on which the file share is located. In this case, you
need to set up a Kerberos delegation first.
Settings.
On the resulting page, select “Boot order”. With
the help of the arrow symbols, you can change the
position of the entries.
same, except that you have to turn on the VM
before connecting to it. To do this, you open the
“More” drop-down menu and select “Connect”.
This will start the RDP web client, provided you have
previously enabled the Remote Desktop feature on

the host.
Note: The current official WAC release 1809 is
suffering from a serious bug that prevents it from
connecting through the RDP web client. This is fixed
in preview version 1809.5.
However, you will notice that connecting via the
web client now takes so long that the VM attempts
to boot from the network via PXE.
After connecting to the VM, you have to restart it via “Send Ctrl + Alt + Del” (Windows-Admin-Center-Hyper-V-VM-Boot-Fehler.png)
An alternative is to download the .rdp file, which is
available in the same menu when the VM is running.
In this case, you would connect via the native RDP
client.
thomas-krenn.com | 21
This means you have no opportunity to press a
button to boot from DVD.
Using “Send CTRL+ALT+DEL”, however, you can
restart the VM. Once you have done this, you should
immediately press a key while the browser window
is still white instead of waiting for an on-screen
prompt.
This variant also requires a restart of the VM while
the RDP client is open (via More => Reset).
With this option, however, one breaks away from
the purely web-based approach and thereby
negates one of the main advantages of WAC.
 thomas-krenn.com | 22

Installation des Gast-OS über den integrierten RDP-Web-Client (Windows-Admin-Center-Hyper-V-VM-RDP-Installation.png)

From here, the interactive installation of the guest response behavior is completely satisfactory.
OS progresses as normal and the RDP web client’s

Subsequently changing VM settings

When creating a new VM through Admin Center, soon as you have saved the VM.
the web form only allows you to configure the most Similar to Hyper-V Manager, not all parameters can
important settings. All others can be changed as be edited when the VM is running.

Settings for VMs in WAC versus Hyper-

V-Manager (Windows-Admin- Center-
Hyper-V-VM-Einstellungen.png)
 thomas-krenn.com | 23

If you open the page under More => Settings, you
will find a list with eight categories, ranging from
General and Memory to Networks and Checkpoints.
This largely corresponds to what Hyper-V Manager
offers. However, in some categories individual
settings are missing – such as Bandwidth
Management under Networks.
One of the most common tasks in VM management
is changing the operating state, i.e. starting,
stopping, shutting down the guest, or turning it off.
All of these actions can be performed through the
browser interface.

Starting, stopping and shutting down VMs via Admin Center (Windows-Admin-Center-Hyper-V-VM-Betriebszustand.png)

Creating and managing snapshots

Admin Center can also be used to create and
manage checkpoints. The type (production vs.
standard), as well as the storage location, can
be defined in the mentioned settings, where the
feature can also be deactivated.
To create a snapshot, you can use the corresponding
command from the “More” drop-down menu.
This opens a dialog in which you can enter a name
for the checkpoint. If this is left empty, the system
will assign a designation based on the date and
time.

Creating a checkpoint for a VM in Admin Center (Windows-Admin-Center-Hyper-V-VM-Snapshot-anlegen.png)

 thomas-krenn.com | 24

The snapshots cannot be managed from the the Checkpoints section, you can then apply, delete,
context of the Inventory list, but rather by following or rename snapshots.
the link that is attached to the name of the VM. In

Managing VM snapshots (Windows-Admin-Center-Hyper-V-VM-Snapshot-verwalten.png)

On this page, Admin Center also provides an WAC is therefore better suited for monitoring VMs
overview of the VM’s most important performance than Hyper-V Manager.
data, which is also displayed as live charts.

9. Activating Remote Desktop

and starting it in the browser
In general, administrative remote access to the
Windows Server console is losing relevance.
However, since Admin Center cannot yet replace
the conventional GUI tools, it attempts to close the
gaps by connecting to a managed server via RDP
and performs tasks there with conventional tools.
WAC has a unique feature among the Microsoft
tools with the web client for Remote Desktop. This
not only allows you to open a complete desktop,
but also individual programs as RemoteApps – such
as MMC-based tools.

Server Manager in Admin Center’s

Remote Desktop client (admin-
center-remotedesktop.png)
 thomas-krenn.com | 25

If you select the menu item Remote Desktop from display a button that opens the corresponding
the WAC navigation bar, the tool will indicate if the settings.
feature is not active on the target computer and

Admin Center will notify you that Remote Desktop is not enabled on the target machine and will offer to turn it on. (admin-center-remotedesktop-
deaktiviert.png)

Here, you can activate Remote Desktop on the to only allow computers with network-level
remote computer and activate the security option authentication.

Activating Remote Desktop in Admin Center (admin-center-remotedesktop-aktivieren.png)

 thomas-krenn.com | 26

Error when activating firewall rules

As soon as you attempt to save this setting, WAC operation runs into a translation-related error on
tries to activate the firewall rules responsible German machines.
for Remote Desktop on the server. However, the

Admin Center cannot activate the firewall rules for Remote Desktop on a German Windows machine.
(admin-center-remotedesktop-aktivieren-firewall-fehler.png)

In this case, you have to change the settings By entering “Remote Desktop” in the search box,
manually by switching to Firewall in the navigation you can find the rules that apply to it and activate
bar and then to the tab Incoming rules. them manually.

Manually enabling firewall rules for Remote Desktop (admin-center-remotedesktop-aktivieren-firewall-regel-aktivieren)


Tools as RemoteApp
Now, nothing should stand in the way of
establishing a Remote Desktop connection. The
connection will show the complete desktop of the
server. Alternatively, Admin Center offers the option
to activate the RemoteApp tool when activating
Remote Desktop access (see screenshot above).
After reloading the page in the browser, the Admin
Center navigation bar should contain another menu
Adding a program as a RemoteApp to Admin Center (admin-center-remoteapp.png)
Overall, the load times of the web-based RDP
client are relatively long, so you will probably only
10. Copying files to a Windows server
If you want to transfer files to a server – for
instance, to install or configure software – Windows
Admin Center provides a browser-based alternative
to the known methods. In addition to uploading
and downloading, the tool also supports other file
operations.
If you need to upload files to a server as an
administrator and that server has no shares, the
usual method is to copy them via an RDP connection.
thomas-krenn.com | 27
item called RemoteApp (it’s a known problem that
it sometimes doesn’t appear in the list.
If it isn’t displayed, you have to adjust the URL
manually as shown in the screenshot below). Here
you can enter individual applications that you want
to access this way – for instance, MMC-based or
other GUI tools.
sporadically resort to this option.
On Server Core, however, Remote Desktop is usually
deactivated, so that this option is not available
there.
In this case, another option is offered by PowerShell,
which added the two new parameters ToSession
and FromSession to the Copy-Item cmdlet in
version 5. But to do that, you first have to set up a
remote session to the target machine.

Files tool in Admin Center
The latest option for transferring files to a server
comes from Windows Admin Center. If you’re
managing servers with this tool anyway, then it
only makes sense to perform file transfers this way
as well.
Using WAC here offers several advantages. First,
it is a browser-based tool that provides a GUI for
file operations even if the target is a Server Core
machine. On the other hand, all computers that are
Uploading files in Windows Admin Center (windows-admin-center-file-upload.png)
As you will quickly notice, this method also has a
drawback. It only allows the copying of a single file
thomas-krenn.com | 28
managed via the gateway mode can be addressed
so that no share or Remote Desktop has to be
configured or installed on the target computers.
The corresponding function can be found under the
menu item Files. Here, you can navigate through
the file system of the remote computer and select
the destination directory for the copy operation.
While the Download button is located directly in
the menu bar, Upload is hidden under More.
per operation and can’t transfer entire folders.
When uploading ZIP archives, you can
have them unzipped automatically.
(windows-admin-center-dateien-upload-
zip.png)

If you upload a ZIP file, you can unzip it automa-
tically. To do this, activate the option “Extract file
after upload”. Alternatively, you can use the Extract
command from the More menu.
In addition to transferring files, this tool also allows
you to delete and rename files as well as create
folders. Since version 1807, the module can also
share files and folders in the network. The new
function is hidden in the More drop-down menu
11. Summary
With Windows Admin Center, Microsoft is following
an industry-wide trend toward web-based admin
consoles. This results in significant advantages for
users, such as platform independence on the client,
the easier delegation of tasks to standard users
and the management of private and public cloud
resources via a single interface.
At the moment, Admin Center only scratches the
surface of what is possible here as it only supports
Google Chrome and Microsoft Edge on Windows 10
at the frontend while a mobile version of the web
thomas-krenn.com | 29
under Share, which opens a relatively simple dialog
box.
Once more, it is quickly apparent that Admin Center
is relatively poorly equipped compared to the native
Windows tools. If you want to share a directory not
only via SMB, but perhaps also via NFS or configure
features like SMB encryption, quotas or offline files,
you will still need to use Server Manager.
interface does not yet exist.
In addition, the rudimentary role concept does not
allow for the granular delegation of tasks.
What’s clear is that Microsoft is continually
developing Admin Center and providing new
releases at quick intervals. However, there is no
explicit roadmap as to when and whether the web-
based tools will cover further roles and features of
Windows Server – particularly the management of
Active Directory or Remote Desktop Services.
 thomas-krenn.com | 30

Microsoft promotes Admin Center each time Server Manager starts in Windows Server 2019.
(Windows-Admin-Center-Hinweis-Server-Manager.png)

Currently, WAC can only replace RSAT in a few areas.
At the same time, it provides a GUI for Windows
Server features that cannot be managed with RSAT.
This includes hyper-convergent infrastructures and
new Windows Server 2019 features such as System
Insights and Storage Migration Services.
Another positive aspect is the advanced integration
of Azure services, which are foreign to MMC-based
tools. So, if you don’t want to limit yourself to
PowerShell, you will have to get used to the idea of
using both RSAT and WAC over the longer term.
Thomas-Krenn.AG
Speltenbach-Steinäcker 1
D-94078 Freyung
thomas-krenn.com