At time of this entry the version of Windows Admin Center that was installed is 1804.25. I'm going to attempt to cover multiple topics being asked around Windows Admin Center, This one will cover How to Install on Windows Server Core 2016 and how to add an Active Directory group to give console access for accounts that do not have Administrator rights on the Gateway Server. In the very near future I will add how to configure just enough admin (JEA) for role based access (RBAC) and How to change Windows Admin Center console access to Azure Active Directory credentials.
On Windows 2016 Server Core Server
All of the instructions can be found here: Install on Server Core
Note: Outside of a lab I would want the endpoint url to be a friendly name like wac.contoso.com. Since I am using a self-generated certificate the url will be the name of the server. Recommendation is to use a cert with Subject alternate names defined and add a friendly dns name.
- Also -
Windows Admin Center Requires, WMF version 5.1 or higher to be installed on both the Gateway Server and all the managed servers.
Download Windows Admin Center onto the Gateway Server.
- msiexec /i WindowsAdminCenter1804.25.msi /qn /L*v log.txt SSL_CERTIFICATE_OPTION=generate
- Or just type in the msi name and follow the prompts. Very Simple.
Verify Windows Admin Center Installed
Run start powershell
Get-CimInstance -ClassName Win32_product | where name -like "Windows Admin*" |fl
Or Run Get-CimInstance -ClassName Win32_softwarefeature | where productname -like "Windows Admin*" |fl
Run get-service serverman*
Run Test-netconnection -port 443 -ComputerName localhost
On a Windows Desktop
Try connecting to Windows Admin Center for the first time by opening up a non-Internet Explorer browser like Edge, Firefox, etc..
https://servername * if cert warning appears bypass, this is due to the self signed certificate.
Grant Console Access to Non-Server Administrators
Lets control who has access to the console. By default all local administrators on the server I installed it on has rights.
In Active Directory create a group (in this demo I will call it "Windows Admin Center Access") this group will be used to give rights to log into the Windows Admin center. Add non server administrative users to the group.
In Windows Admin Center, select the settings button
Then select Gateway Access
Just going to cover Active Directory Groups for now, but could configure this to leverage Azure AD Groups and Accounts.
Under Gateway users, select Add, and type in the group name, then select save
The group has been added
For now I will leave the Gateway Administrators alone. Select Close.
Now try to logon with a user in the group that was given user access.
Should be able to log right in
If the account doesn’t have rights to Windows Admin Center expect a Not Authorized Error
This is all for now stay tuned for for the other post.
-Chad