TABLE OF CONTENTS

INTRODUCTION

What is Windows Admin Center?

Why Would I Use Windows Admin Center?

How Does Windows Admin Center Compare to Traditional MMC Tools?
  Pros of WAC over MMC
  Cons of WAC against MMC

Windows Admin Center System Requirements and Limitations
  System Requirements to Run the Windows Admin Center Front-End
  System Requirements to Access Windows Admin Center’s Interface
  System Requirements for Windows Admin Center Target Systems

Windows Admin Center Deployment Choices
  Windows Admin Center Desktop Mode
  Windows Admin Center Gateway Mode

Windows Admin Center in High Availability Mode

INSTALLING WINDOWS ADMIN CENTER

Guided Installation on Windows 10 (Desktop Mode)

Guided Installation on Windows Server (Gateway Mode)

Command-line Installation on Windows Server (Gateway Mode)

Scripted Installation in High Availability Mode
  Using PKI Certificates with Windows Admin Center
  Certificate Requirements for Windows Admin Center
  Extracting a Certificate Thumbprint to Use with Windows Admin Center
  Third-Party Tools for Selecting the Windows Admin Center Certificate

Upgrading Windows Admin Center

Backup Solutions Trusted by 40,000+ Businesses

FIRST STEPS WITH WINDOWS ADMIN CENTER

Starting WAC in Desktop Mode

Accessing WAC in Gateway Mode

Windows Admin Center’s First Run Experience

Major Elements of the Windows Admin Center Interface
  Connection Type
  PowerShell Display
  Notifications
  Settings
  About and Help
  Main System List

System Overview

SECURITY IN WINDOWS ADMIN CENTER

Securing Windows Admin Center

The TrustedHost List and Windows Admin Center

PKI Certificates in Windows Admin Center

Credentials in Windows Admin Center

Configuring Kerberos Delegation for Windows Admin Center

Controlling Access to Windows Admin Center

WINDOWS ADMIN CENTER EXTENSIONS

Available Extensions

Installed Extensions

Extension Feeds

Develop Your Own Extensions for Windows Admin Center

ADDING SYSTEMS TO WINDOWS ADMIN CENTER

Import a List

Search Active Directory (1903+)

USING WINDOWS ADMIN CENTER

Overview

Extensions List

Tips on Using Windows Admin Center

APPENDIX 1: REFERENCES AND LINKS

APPENDIX 2: .NET FRAMEWORK PREREQUISITE

Enabling the .Net Framework on Windows 10

Enabling the .Net Framework on +

Acquiring the .Net Framework for Windows Server 2008 R2

APPENDIX 3: WINDOWS MANAGEMENT FRAMEWORK PREREQUISITE

APPENDIX 4: FILE SERVER PREREQUISITE

APPENDIX 5: HYPER-V POWERSHELL MODULE PREREQUISITE

APPENDIX 6: ENABLING REMOTE MANAGEMENT

ABOUT THE AUTHOR

ALTARO VM BACKUP

ALTARO VM BACKUP FOR MSPs

ALTARO OFFICE 365 BACKUP FOR MSPs

ABOUT ALTARO

INTRODUCTION

Each version of Windows and Windows Server showcases new technologies. The advent of PowerShell marked a substantial step forward in managing those features. However, the built-in graphical Windows management tools have largely stagnated - the same basic Management Console (MMC) interfaces had remained since Windows Server 2000. Microsoft tried out multiple overhauls over the years to the built-in Server Manager console but gained little traction. Until Windows Admin Center.

WHAT IS WINDOWS ADMIN CENTER?

Windows Admin Center (WAC) represents a modern turn in Windows and Windows Server system management. From its home page, you establish a list of the networked Windows and Windows Server computers to manage. From there, you can connect to an individual system to control components such as hardware drivers. You can also use it to manage Windows roles, such as Hyper-V.

On the front-end, Windows Admin Center is presented through a sleek HTML 5 web interface. On the back-end, it leverages PowerShell extensively to control the systems within your network. The entire package runs on a single system, so you don’t need a complicated infrastructure to support it. In fact, you can run it locally on your Windows 10 workstation if you want. If you require more resiliency, you can run Windows Admin Center as a role on a Microsoft Failover Cluster.

WHY WOULD I USE WINDOWS ADMIN CENTER?

In the modern era of Windows management, we have shifted to a greater reliance on industrial-strength tools like PowerShell and Desired State Configuration. However, we still have servers that require individualized attention and infrequently utilized resources. WAC gives you a one-stop hub for dropping in on any system at any time and working with almost any of its facets.

HOW DOES WINDOWS ADMIN CENTER COMPARE TO TRADITIONAL MMC TOOLS?

Eventually, Windows Admin Center will probably replace MMC tools. It already boasts multiple improvements over the earlier interface. However, it’s not quite there.

PROS OF WAC OVER MMC

Windows Admin Center’s pros greatly outnumber its cons.

• Overview - WAC includes a dashboard view for a connected system, allowing you to get an overall idea of its status and health at a single glance.

• Single management point - Install Windows Admin Center one time and use it to manage all of your Windows, Windows Server, and Failover Cluster endpoints. You do not need to deal with individual component downloads, Remote Server Administration Tool configuration, or Remote Desktop connections.

• No special client requirements - Any modern HTML 5-compliant browser can access Windows Admin Center (tested in and Mozilla ).

• Permanent, self-curated system list - You decide which systems appear in your WAC console. Once added, a system remains until you remove it. Your list belongs only to you. Other administrators configure their own lists.

• Extensibility - Leverage the Windows Admin Center SDK to build interfaces of your own. Make them available to others.

• Simple firewall rules - You only need to open the WSMan port (TCP/5985) between the WAC system and its targets. MMC does not dictate any particular network constraint for its snap-ins, so each tool has its own rules.

• Authentication and encryption - Secure communications to and from the WAC server with a PKI certificate. It recognizes you by your credentials and passes them on to the destination system. WSMan encrypts its communications from the WAC host to the target.

• Ad hoc management - Windows Admin Center includes an in-browser PowerShell console so you can directly execute commands when WAC does not provide a suitable interface.

• Future development - Microsoft’s WAC team works constantly to improve and expand its usability, features, and capability. Most of the MMC tools have not significantly changed over the years.

CONS OF WAC AGAINST MMC

Despite its strengths, WAC cannot (yet) replace the MMC tools. Here’s where it currently falls short.

• Extent of control - WAC has not yet reached full feature parity with many of the individual snap-ins. The exact degree of control varies among tools. Some have nearly the same functionality, but most lack at least a few advanced features.

• No local control - WAC can control the system that you install it on, but it has no presence on any other system. If you need to work at the local console of a managed system and cannot use a browser to access WAC, you will need to use traditional tools.

• No infrastructure work - WAC can use CredSSP to pass your credentials, but it works best if you enable delegation in Active Directory. MMC runs under your account and some snap-ins can prompt for credentials when necessary.

• Customizableconsoles - You can use MMC to build your own selection of snap-ins and save the console configuration for later use. You can also use custom consoles for staff with specifically delegated permissions.

• Familiarity - You will adapt to WAC quickly. However, do not underestimate the value of comfort that you and your staff have with existing tools. It will take time.

Windows Admin Center will augment your existing tools, but it will not replace all of them (just yet).

WINDOWS ADMIN CENTER SYSTEM REQUIREMENTS AND LIMITATIONS

Windows Admin Center does not need many resources, but it does not work with many versions of Windows. You have three compatibility points to consider:

• Systems that run the WAC service or application

• Systems that you access the WAC interface from

• Systems that WAC manages

SYSTEM REQUIREMENTS TO RUN THE WINDOWS ADMIN CENTER FRONT-END

You can install Windows Admin Center on Windows 10 or any edition of or later. That includes Core mode and the Semi-Annual Channel releases. Be aware that your choice of desktop or server dictates Windows Admin Center’s operating mode. The next section covers WAC’s two modes.

Microsoft does not publish any special hardware requirements for WAC. It uses a lightweight web server for the front-end components and relies on WinRM connections to manage and maintain targets. If the target system meets the minimum requirements for the operating system, it should have no troubles with Windows Admin Center.

The system running Windows Admin Center does need a functional network connection so that it can reach the target systems. It helps if the WAC system and all targets belong to the same domain, but it does function with some or all systems in workgroup mode.

SYSTEM REQUIREMENTS TO ACCESS WINDOWS ADMIN CENTER’S INTERFACE

You need very little to access Windows Admin Center as a client. You only need a modern web browser capable of running HTML 5 pages and JavaScript. does not work. Google Chrome and Mozilla Firefox both have full support.

The client system needs network access. If WAC runs on a remote server, then the client needs access on the designated port (443 by default). If WAC runs locally, then only the WAC itself has particular network requirements (covered in the other subsections).

SYSTEM REQUIREMENTS FOR WINDOWS ADMIN CENTER TARGET SYSTEMS

Windows Admin Center can manage a wider range of systems than it runs on, but not all systems that you might use. Also, some systems have additional requirements.

SUPPORTED TARGET OPERATING SYSTEMS

You can target these operating systems:

• Windows Server 2008 R2 and later

• Windows 10

WAC cannot target Linux or older Windows operating systems. Also, WAC has regressively reduced functionality when targeting systems older than .

FIREWALL REQUIREMENTS

All systems have the same firewall requirements:

• TCP port 5985 to allow WinRM communications

• Optional: TCP port 3389 to use WAC’s Remote Desktop Connection feature

See Appendix 6 for a note on enabling remote management. That typically applies only to servers installed in Core mode but may help when troubleshooting connectivity problems for Desktop Experience systems as well.

SOFTWARE PREREQUISITES

There are a few additional software and configuration requirements:

• .Net Framework 4.5.2 or higher - All operating systems from Windows Server 2012 onward include and enable this feature by default. See Appendix 2 for details on acquiring, enabling, and verifying the .Net Framework.

• Windows Management Framework (WMF) version 5.1 or later - Windows Server 2016 and later ship with this feature installed and operational. See Appendix 3 for details on acquiring and verifying the WMF version.

• The File Server role (server SKUs only) - WAC needs the File Server role to manage some features. See Appendix 4 for details on enabling Windows Server’s File Server role.

• The Hyper-V PowerShell module (Hyper-V systems only) - WAC leverages the Hyper-V PowerShell module to control Hyper-V systems. The module must exist on the target system. See Appendix 5 for details on enabling the Hyper-V PowerShell module.

Note: third-party WAC plugins may have their own requirements.
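One way to check a machine against the target prerequisites listed above, as an added example that is not from the eBook. It assumes Windows PowerShell on both ends; the function and variable names, the `vmms` service test for a Hyper-V host, the `FS-FileServer` feature name and the sample host names are this example's own choices, and 379893 is the registry Release value Microsoft documents for .NET Framework 4.5.2.

```powershell
# Added example (not from the eBook). The scriptblock sticks to PowerShell 2.0
# syntax so that it also runs on older targets that have not been updated yet.
$WacTargetCheck = {
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $net = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $isServer   = $os.ProductType -ne 1      # 1 = workstation, 2 and 3 = server
    $fileServer = $null
    if ($isServer) {
        Import-Module ServerManager -ErrorAction SilentlyContinue
        if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
            # Assumption: FS-FileServer is the feature name of the File Server role.
            $fileServer = [bool](Get-WindowsFeature -Name FS-FileServer).Installed
        }
    }
    @{
        OS             = $os.Caption
        IsServer       = $isServer
        PSVersion      = $PSVersionTable.PSVersion.ToString()
        NetRelease     = [int]$net.Release   # 0 when the key is missing
        FileServerRole = $fileServer
        # Assumption: a running or installed vmms service marks a Hyper-V host.
        IsHyperVHost   = [bool](Get-Service -Name vmms -ErrorAction SilentlyContinue)
        HyperVModule   = [bool](Get-Module -ListAvailable -Name Hyper-V)
    }
}

function Test-WacTarget {
    param([string]$ComputerName)    # omit to check the local machine
    if ($ComputerName) {
        try {
            # Invoke-Command uses WinRM (TCP 5985), so a failure is itself a finding.
            $r = Invoke-Command -ComputerName $ComputerName `
                -ScriptBlock $WacTargetCheck -ErrorAction Stop
        } catch {
            return [pscustomobject]@{
                Computer = $ComputerName
                OS       = $null
                Ready    = $false
                Problems = @("WinRM connection failed: $($_.Exception.Message)")
            }
        }
    } else {
        $ComputerName = $env:COMPUTERNAME
        $r = & $WacTargetCheck
    }

    $problems = @()
    if ([version]$r.PSVersion -lt [version]'5.1') {
        $problems += "WMF/PowerShell $($r.PSVersion) is older than 5.1"
    }
    if ($r.NetRelease -lt 379893) {
        $problems += '.NET Framework 4.5.2 or higher not found'
    }
    if ($r.IsServer -and -not $r.FileServerRole) {
        $problems += 'File Server role not installed or could not be checked'
    }
    if ($r.IsHyperVHost -and -not $r.HyperVModule) {
        $problems += 'Hyper-V PowerShell module missing'
    }

    [pscustomobject]@{
        Computer = $ComputerName
        OS       = $r.OS
        Ready    = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Check the local machine.
Test-WacTarget | Format-List

# Check remote targets (constructed host names; replace with your own):
# 'SVR-FS01', 'SVR-HV01' | ForEach-Object { Test-WacTarget -ComputerName $_ } |
#     Format-Table Computer, Ready, Problems -AutoSize
```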

WINDOWS ADMIN CENTER DEPLOYMENT CHOICES

WAC provides several deployment options. They are neither exclusive nor permanent, so you have the freedom to explore and change your mind if things don’t work out.

First, you have two overall installation options:

• Desktop mode - When you install WAC on Windows 10, it automatically runs in “Desktop Mode”. The “smedesktop.exe” application runs on-demand, listening on a non-standard port that you specify at install time (6516 by default). When you invoke the application, it spawns an instance of the default web browser. Microsoft does not support accessing a desktop mode installation from a remote computer.

• Gateway mode - When you install WAC on Windows Server, it automatically runs in “Gateway Mode”. The installer creates a traditional that continuously runs “sme.exe” in the background. It creates a web service which runs on the standard HTTPS port (443, configurable at install time). Use this mode to access a single WAC system from multiple systems.

The desktop mode has only the one usage – as a local, on-demand application. Gateway mode has multiple deployment options. Because Windows Admin Center does not have any agent components, you can install WAC on multiple systems, and they will not conflict. Build the deployment scenario that suits your organization.

WINDOWS ADMIN CENTER DESKTOP MODE

When you install Windows Admin Center on Windows 10, you can only run it from that system. If you work with other administrators, they can install WAC on their own desktops.

This configuration works very well for very small organizations and in situations where administrators have very few overlapping responsibilities.

WINDOWS ADMIN CENTER GATEWAY MODE

When you outgrow the desktop mode or just want a permanent central installation, you can use Windows Server to install Windows Admin Center in gateway mode.

In this build, all administrators connect to one server running Windows Admin Center. The WAC server handles the connections to individual targets. Each administrator can still separately choose which systems to control. This configuration can work for practically any size organization.

It may seem counterintuitive, but you can use WAC in gateway mode to go smaller. If you only have one server, you can just install WAC directly on it. Connect to WAC from your desktop and use it only to control that server.

This works best for very small organizations, of course, but keep it in mind for more complicated builds as well. WAC has such a small footprint that you can just use it as a secure, single-keyhole graphical management tool for any individual server.

Build on all of the above to address more complicated needs. For instance, you can have multiple installations of Windows Admin Center.

You can use multiple WAC systems to control disparate systems. That allows each administrator to maintain separate WAC lists so that any one doesn’t get too long. You can also use it to address problems with firewalled networks. Be aware that nothing within WAC enforces such groupings.

You can combine everything that you’ve seen so far.

Since you need to supply valid credentials to connect to any system, multiple installations of WAC pose no particular security risk. Its lightweight nature means that it won’t place a drag on system resources. The main barrier to using multiple WAC installations is the overhead of maintaining them.

WINDOWS ADMIN CENTER IN HIGH AVAILABILITY MODE

You can configure Windows Admin Center to run as a protected Microsoft Failover Cluster role. Functionally, it acts just like the single-server gateway mode. Clustering helps to ensure that administrators can continue to use it through updates and reboots.

INSTALLING WINDOWS ADMIN CENTER

Windows Admin Center ships in a traditional Microsoft Installer (MSI) package. It automatically adapts to its environment, installing in desktop mode when it detects Windows 10 or in gateway mode when it detects Windows Server. The installer also allows you to select most options through command-line options, which enables automated installations and updates.

Start by acquiring the most recent install package from Microsoft: https://aka.ms/windowsadmincenter. You can choose between the latest production release and an Insider’s build. This eBook deals with production release 1809.51 and preview release 1903.

GUIDED INSTALLATION ON WINDOWS 10 (DESKTOP MODE)

These steps walk through the graphical mode installation of Windows Admin Center on Windows 10. Just double-click the downloaded MSI file to start.

1. On the license screen, check the accept box and click Next.

2. The installer notifies you that it will install in desktop mode and gives some details about gateway mode along with a link to more information. Click Next.

3. Choose WAC’s operating options:

a. You can override the port from its default of 6516.

b. You can allow WAC to override the local system’s TrustedHosts entries. If you do not select this option, you will need to manually edit the TrustedHosts lists in order to manage remote systems. The security section will have more on TrustedHosts.

c. Create a desktop shortcut for WAC.

4. Click Install once you have set your desired options.

5. After the install completes, it will present a screen warning you about certificate selection. WAC in desktop mode creates a long-lasting self-signed certificate for use on its web server, but you must manually select it at first run. Read the screen and, if desired, check the box to start Windows Admin Center when the installer closes. Click Finish.

If you did not select the option to create a desktop shortcut, you can start Windows Admin Center from the Start menu.

The first time you run Windows Admin Center, it will ask you to select a certificate, just as the installer warned. If it does not present the expected Windows Admin Center Client certificate, click More Choices to find it. Select the WAC certificate if necessary and click OK.

Windows Admin Center will then launch your default browser and connect to its local site. You can jump right in on your own or skip forward to the section on WAC’s first run.

GUIDED INSTALLATION ON WINDOWS SERVER (GATEWAY MODE)

This subsection walks through the graphical mode installation of Windows Admin Center on Windows Server. If you’re running a full Desktop Experience installation, double-click the downloaded MSI file to start. If you’re running in Core mode, you can invoke the MSI file directly, ex:

C:\Users\Eric\Downloads\WindowsAdminCenter1809.51.msi

When the installer opens, follow these steps:

1. On the license screen, check the accept box and click Next.

2. Select whether you wish to update Windows Admin Center automatically via or to only update manually.

3. You will see an informational screen that talks about the benefits of the gateway installation mode and presents a link for more details. Just click Next.

4. Choose whether or not you wish to allow WAC to modify the local system’s TrustedHosts list. You may need this to manage some remote systems. If you opt not to allow WAC to make the modifications, you may need to do it yourself. See Appendix 1 for a link to more information about the TrustedHosts list.

5. You now have multiple options that control the behavior of the web server.

a. Choose the port that WAC will use to listen for client requests. It chooses the standard HTTPS port, 443, by default.

b. Choose whether or not to generate and use a self-signed certificate or provide a thumbprint from an installed certificate. WAC will use your selection to authenticate itself and encrypt traffic to clients that connect to the web server. An upcoming section shows how to use a proper PKI certificate. If you do not currently have a PKI certificate, allow the installer to generate a self-signed certificate. You can change it later.

c. If you wish, choose the option to Redirect HTTP port 80 traffic to HTTPS. That will ensure that anyone who opens your web server by simply entering its address into their web browser will automatically reconnect to the proper port. Unless your server already has something listening on port 80, you should choose this option.

6. Click Install. The installer will enact your choices.

7. After the installation completes, it will display the URL to use and provide a link to supported browsers. Click Finish.

Unlike the desktop mode installer, you do not get any local shortcuts for gateway mode. However, you can still access the WAC page locally using a supported browser and the URL (assuming a Desktop Experience installation of Windows Server).

You can connect to the newly-installed WAC page from any client system. You can get started on your own or jump to the section that shows the first steps to using WAC.

COMMAND-LINE INSTALLATION ON WINDOWS SERVER (GATEWAY MODE)

The installer for Windows Admin Center exposes most of its configuration points through switches. You can use these to bypass the GUI screens entirely, which aids in automation. You can use the command-line to install fresh and to modify existing installs.

To describe this process succinctly, you call the built-in msiexec.exe with a combination of its universal switches and switches specific to WAC. Switches that start with a slash (/) belong to msiexec.exe and case does not matter. The installer passes switches without a slash into the MSI and case does matter.

• Install switch (also used for update, upgrade, and modify operations), with MSI filename: /i WindowsAdminCenter.msi

• Quiet switches prevent the UI from displaying; a displayed UI would ignore all other switches

◦ No interface at all: /qn

◦ “Basic” interface, with progress bar only: /qb

• Output installer activity to a log file, useful for troubleshooting: /l*v .txt

• Listening port (the installer ignores this switch in some versions, most likely a bug): SME_PORT= (typically 443)

• Thumbprint of the locally installed PKI certificate to use: SME_THUMBPRINT=<40 char hex SHA1 thumbprint>

• Whether to use an installed certificate or generate a self-signed certificate: SSL_CERTIFICATE_OPTION=installed or SSL_CERTIFICATE_OPTION=generate

• Prevent the installer from restarting the WinRM service: RESTART_WINRM=0

An example installation that uses a self-signed certificate:

msiexec.exe /i C:\Downloads\WindowsAdminCenter1809.51.msi /qb SME_PORT=443 SSL_CERTIFICATE_OPTION=generate

Specifying a certificate for the installer presents some challenges. An upcoming subsection covers certificate selection in more detail.

SCRIPTED INSTALLATION IN HIGH AVAILABILITY MODE

Microsoft publishes a script that will install and configure Windows Admin Center on every member of a Microsoft Failover Cluster. You must have already established the cluster and configured it with a Cluster Shared Volume (CSV) with at least 10 GB of free space.

The script has many parameters that grant a great deal of flexibility. Microsoft’s official documentation provides the most thorough coverage. If you want to cluster WAC, see Appendix 1 for a link.

USING PKI CERTIFICATES WITH WINDOWS ADMIN CENTER

Windows Admin Center requires a PKI certificate to present to clients that connect to its web server. It does allow for the use of self-signed certificates. You can also use a certificate signed by a public or internal certification authority.

Self-signed certificates present two problems. First, the pragmatic problem: the certificate generated automatically by WAC lasts only 60 days. You will need to change it often.

The more urgent problem with self-signed certificates: they offer no validation of any kind. You have no foolproof way to distinguish a certificate self-signed by your WAC server from one created by an attacker. Because you will provide administrative credentials for all of your organization’s servers to the WAC server, you do not want to trust a self-signed certificate.

CERTIFICATE REQUIREMENTS FOR WINDOWS ADMIN CENTER

Unfortunately, WAC does not make it easy to select a certificate issued by a valid authority. You must have a valid certificate already installed and you must extract its SHA1 thumbprint in plaintext format.

Start with the certificate portion. A usable certificate meets these requirements:

• Issued by a public provider or your organization’s internal PKI

• Is within its validity period

• Has the Computer Authentication enhanced key usage

• Must exist in the WAC computer’s “My” store (the Personal folder in the Certificate MMC)

• The WAC computer must hold the private key that matches the certificate’s public key

Appendix 1 includes links with additional information on PKI certificates. It includes links to Let’s Encrypt, which issues free public certificates, an article on establishing your own internal PKI, and requesting and installing certificates.

EXTRACTING A CERTIFICATE THUMBPRINT TO USE WITH WINDOWS ADMIN CENTER

Once you have the certificate prepared, you need to get its thumbprint. You can find that on the certificate’s Details tab in the Thumbprint list item.

You can copy it to the clipboard like any normal data. However, it will likely include some invisible, non-printing space characters that will cause the installer to reject the thumbprint. Paste the data into an application that will reject those characters, such as a standard command line prompt, then copy it again.

Alternatively, you can use PowerShell to gather the thumbprint. At an elevated prompt, run:

dir Cert:\LocalMachine\My

That will output a simple display of all certificates in the local computer’s “My” store:

If you can determine from the simple list which certificate that you want, just use your mouse to highlight all 40 characters of the corresponding thumbprint, then press Enter to place it on the clipboard.

The above screenshot is busier than most because the system was used to test multiple certificates. You likely will not have the same plethora of options. However, you definitely want to skip the entries that say Windows Admin Center, as they are the self-signed certificates created by the installer. If you need more information about the installed certificates in order to decide, you can retrieve a greater number of properties:

dir Cert:\LocalMachine\My | fl *

You will get a lot more output that way, but it will show all of the fields of each certificate.
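The certificate requirements, the thumbprint cleanup and the SME_THUMBPRINT / SSL_CERTIFICATE_OPTION switches from the command-line installation section, combined in one script. This is an added example, not code from the eBook or from Microsoft. The function names, the log path and the sample thumbprint are constructed for illustration, and the script assumes the enhanced key usage requirement means the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).

```powershell
# Added example (not from the eBook). Windows PowerShell 5.1, elevated prompt.

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Text)
    # Keep hex digits only. This drops spaces and the invisible, non-printing
    # characters that come along when the value is copied from the dialog.
    $clean = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters after cleanup, got $($clean.Length)."
    }
    $clean
}

function Test-WacCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $now = Get-Date
    # Assumption: the EKU requirement is Server Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $ekuOids = foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    [pscustomobject]@{
        Thumbprint       = $Certificate.Thumbprint
        Subject          = $Certificate.Subject
        NotAfter         = $Certificate.NotAfter
        InValidityPeriod = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
        HasPrivateKey    = $Certificate.HasPrivateKey
        HasServerAuthEku = $ekuOids -contains $serverAuthOid
        # The installer's own certificates are self-signed: subject equals issuer.
        SelfSigned       = $Certificate.Subject -eq $Certificate.Issuer
    }
}

function Get-WacCandidateCertificate {
    # Certificates in the local computer's "My" store that pass every check.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        ForEach-Object { Test-WacCertificate -Certificate $_ } |
        Where-Object {
            $_.InValidityPeriod -and $_.HasPrivateKey -and
            $_.HasServerAuthEku -and -not $_.SelfSigned
        }
}

function Get-WacInstallArguments {
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$LogPath,
        [int]$Port = 443
    )
    $tp = ConvertTo-CleanThumbprint -Text $Thumbprint
    # Paths are quoted because msiexec receives them as one command line.
    @('/i', "`"$MsiPath`"", '/qn', '/l*v', "`"$LogPath`"",
      "SME_PORT=$Port", "SME_THUMBPRINT=$tp", 'SSL_CERTIFICATE_OPTION=installed')
}

# List usable certificates when the store is available (Windows only).
if (Test-Path -Path Cert:\LocalMachine\My) {
    Get-WacCandidateCertificate | Format-Table Thumbprint, Subject, NotAfter -AutoSize
}

# Constructed sample: a made-up thumbprint as it might arrive from the clipboard,
# with a leading invisible U+200E character and spaces between the bytes.
$pasted = "$([char]0x200E)a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4"

$arguments = Get-WacInstallArguments `
    -MsiPath 'C:\Downloads\WindowsAdminCenter1809.51.msi' `
    -Thumbprint $pasted `
    -LogPath 'C:\Temp\wac-install.log'    # hypothetical log location

# Show the command line instead of running it.
"msiexec.exe $($arguments -join ' ')"

# To run the installer for real:
# Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait
```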

THIRD-PARTY TOOLS FOR SELECTING THE WINDOWS ADMIN CENTER CERTIFICATE

Fortunately, a third-party tool, “Windows Admin Center Certificate Selector”, exists to make WAC certificate selection much easier.

This tool allows you to select the certificate from a drop-down list, shows enough information to help you ensure that you have the correct certificate, ensures that it meets the requirements, and runs the WAC installer for you:

You can find the open source project “Windows Admin Center Certificate Selector” on GitHub. A link is provided in Appendix 1.

UPGRADING WINDOWS ADMIN CENTER

Windows Admin Center will automatically upgrade itself to each new production release version. If you want to upgrade manually or to a preview version, then you only need to run the installer. It will automatically retain your port and certificate settings, although it will give you the opportunity to change them.

At your next login, you will receive notice of the upgrade:

The upgrade process preserves all data and only requires a few moments.

FIRST STEPS WITH WINDOWS ADMIN CENTER

At this point, you have an empty Windows Admin Center installation. You will perform most remaining configuration work from its console. So, start off by connecting.

STARTING WAC IN DESKTOP MODE

If you installed WAC on Windows 10, you need to manually start it before you can connect. If you opted to create a desktop shortcut, just double-click it:

Either way, the installer always creates an entry on the Start menu:

When you run it, it will first launch the WAC application and then it will invoke the system’s default browser, opening it to the WAC URL.

ACCESSING WAC IN GATEWAY MODE

If you installed WAC on Windows Server, it will automatically start the service at the end. You can immediately access it from a web browser. You can use the URL that it displayed at the end of the wizard. However, it set up a simple listener on the specified port. So, any URL that resolves to the WAC computer on that port, including the IP address, will work. Of course, you will have certificate errors if the URL does not match at least one of the Subject Alternative Names.

WINDOWS ADMIN CENTER’S FIRST RUN EXPERIENCE

When you first connect to the WAC URL, it will ask for credentials. Two things happen with the credentials that you use:

• You authenticate to the system running WAC

• WAC creates a list of the systems that you connect to and associates it with your account

As you will see, the credentials that you use to authenticate to the WAC server will not necessarily be the same ones that it uses to authenticate to targets.

Warning: Windows Admin Center has no logoff feature, so do not save your credentials unless you are willing to clear your browser settings to remove the logon.

After you log in for the first time, Windows Admin Center will show you a welcome screen that includes an introductory tour.

At this time, the “tour” is really just a screenshot of the help menu with some accompanying text that encourages you to use the Give us feedback link.

After you skip or finish the tour, WAC will take you to its normal home screen. At this point, you have only the WAC server itself in the list.

MAJOR ELEMENTS OF THE WINDOWS ADMIN CENTER INTERFACE

The All Connections list currently has only the WAC server. It will eventually include all systems that you want to manage. Before we work on that, the interface has several other points you need to know about.

CONNECTION TYPE

By default, Windows Admin Center shows you every type of endpoint it can manage. You can filter the display list by clicking the down arrow next to Windows Admin Center in the top left.

Clicking one of the items takes you from the list of All Connections to a list pared down to the specified type. You can click the Windows Admin Center link at the top left to reset the view.

POWERSHELL DISPLAY

Windows Admin Center exposes the scripts that it uses. You can use them just to see what happens behind the scenes, explore them for bits to use in your own scripts, or borrow concepts to write scripts of your own.

First, click the PowerShell icon on the right in the top menu bar. Then, select the script that you want to view from the drop-down.

WAC will show the selected script in the text box below the script selector.

The script display uses indentation and color-coded syntax highlighting to make it easier to read. Most scripts also include comments, with varying degrees of helpfulness.

NOTIFICATIONS

Usually, the UI will pop up a box when it needs to notify you of something. If you dismiss the dialog or it gets blocked, it will place a red indicator over the bell icon on the top menu bar. Click that icon to expand the Notifications flyout.

By default, the interface will show All active notifications in a single list. You can filter to Error & Warning, Active, or Info by clicking that header. It will show a small red dot next to the header(s) of categories that contain new notifications.

If you click on a notification, it will take you to its Details view. That view contains more information and usually a link to the part of the interface where you can address the reported problem.

Notifications remain until cleared. Each has an X button at the right that appears when you hover over the notification. The list itself has a Clear All link above the notifications.

SETTINGS

Click the gear icon at the right of the top menu bar to access Windows Admin Center’s settings menu collection. The interface defaults to the Language/Region settings (in 1809.51), but we will cover each group in displayed order.

ACCOUNT

The Account settings menu does not contain any settings per se. It shows the currently logged on user account, but you cannot make any changes here.

Due to the authentication method that Windows Admin Center’s web interface uses, it does not support logging out. If you saved your credentials to the browser when you logged in, you will need to clear your browser settings in order to switch to another user.

PERSONALIZATION (1903+)

The Personalization screen allows you to switch to the oft-requested dark mode.

Switching to Dark mode takes effect instantly.

The color mode affects only you. Other users can select their view independently.

LANGUAGE/REGION

The Windows Admin Center interface includes localized text for multiple languages and regions. If it did not properly detect your language from the environment or you would prefer another, you can choose it here. Changes to the language do not take effect until you refresh your browser.

SUGGESTIONS

Where applicable, Windows Admin Center will suggest Azure services that augment your current activity. You can instruct WAC to suppress these suggestions.

If Microsoft adds new suggestions, you will need to return here to disable them.

ADVANCED

The Advanced section contains a pair of rarely used items. First, you can set the console logging level. Second, you can add so-called Experiment Keys.

The Console Log that WAC refers to is your browser’s JavaScript console. In most browsers, press F12 to access it. We will revisit the console in a later section.

Experiment Keys enable preview features. These keys are not published for regular public consumption. The best way to gain early access to WAC features is by joining the Insider’s program. When you go to the WAC download page (link provided in Appendix 1) and choose the preview build, you can sign up.

EXTENSIONS

The Extensions section has enough going on that we will explore it separately. Use the controls that you find here to list, install, update, and remove add-on components that augment Windows Admin Center’s native functionality.

AZURE

Windows Admin Center has multiple possible connections to Azure. Use this section to connect to your Azure account and link up the available components.

As of this writing, Windows Admin Center integrates with the following Azure features:

• Azure Active Directory

• Azure IaaS virtual machines

• Azure Site Recovery protection of on-premises virtual machines

• Azure Backup protection of on-premises Windows Servers

• Azure Monitoring for on-premises systems

• Azure Update Management for on-premises systems

• Connect to an Azure Virtual Network with on-premises Azure Virtual Network Adapters

Follow the link on the Azure tab to access the most current list of available services.

ACCESS (GATEWAY MODE ONLY)

Control access to Windows Admin Center on this page.

We will include a more thorough discussion in the security section.

SHARED CONNECTIONS (1903+)

In all previous versions of Windows Admin Center, the primary system list contains only items that you’ve added for yourself. Use the Shared Connections feature to add connections for everyone.

We’ll demonstrate adding new systems in the “Adding Systems to Windows Admin Center” section.

ABOUT AND HELP

Click the question mark icon at the far right of the top menu bar to access the About and Help subpage. Use this area to get basic information about Windows Admin Center, including the current version and build number as well as Internet links to more extensive documentation.

You can close the subpage by clicking on the question mark again or any other part of the page.

MAIN SYSTEM LIST

If you left the primary list of managed systems while looking around, click Windows Admin Center at the top left of the main menu to reset your view. The system list appears below the larger Windows Admin Center header bar.

The list segment has the following items:

• List type - In the above screen shot, we see All Connections, which indicates that the list displays all system types. If you choose any of the system types from the drop-down list next to Windows Admin Center, the header will change accordingly.

• Add button - Use this control to bring up the Add Connections screen where you can add new items to the list.

• Connect - Use the Connect button to load the Windows Admin Center interface and extensions for the selected system. The option is grayed out in the screen shot because no item is selected.

• Manage As - Set the credentials to use for the selected item.

• Remove - (under the More drop-down in the screenshot): Removes the selected item from the list.

• Edit Tags - (under the More drop-down in the screenshot): Changes the tags associated with the selected item. Use these tags to organize systems.

• Item totals - Between the text buttons and the filter options, you’ll see a pair of counters that list the total number of items in the list and the number of currently selected items.

• Filter - Click the funnel-shaped icon to bring up a list of the currently-applied filters. Check one or more of the items and click Save to restrict the list to items with the corresponding tag(s).

• Search box - Type any free-text into the search box to have the list filter by that string. Note that it does not take effect until the third character, and then it will attempt to update in real-time. It will match against the server name, tags, and the managing user name.

In the screen shot, notice the empty box to the left of the Name column header. Clicking that will select every item in the list. Clicking any part of an item row outside of its name will select only that item. While you hover over an item row, a box will appear to the left of its name. Clicking that will toggle whether or not that row is selected. Use these boxes to select multiple items. Clicking the item’s name will cause Windows Admin Center to connect to it.

While you have multiple items selected, you can use the Add, Manage As, Remove, and Edit Tags buttons to modify all selected items at the same time. You can only use Connect with a single item.

SYSTEM OVERVIEW

Once you have systems added, you can access any of them by clicking on its name from the main list. That will take you to the Overview page. We will take up the discussion of the overview in the “Using Windows Admin Center” section.

SECURITY IN WINDOWS ADMIN CENTER

You have multiple security concerns within Windows Admin Center. First, you have the server itself. Second, you have the connections that it makes to other servers.

SECURING WINDOWS ADMIN CENTER

Windows Admin Center and the system that it runs on constitute a serious security concern. You will use that system to exert administrative control over multiple remote systems. In one way or another, it will have valid credentials stored somewhere, which makes it a target.

To address the fundamental security of the Windows Admin Center host:

• Use a PKI certificate issued by a certification authority. You can use a certificate issued by an internal authority within your organization or a trusted third-party. Visit the “Using PKI Certificates with Windows Admin Center” sub-section of the “Installing Windows Admin Center” section above.

• Harden the host and its operating system.

Self-signed certificates constitute a serious security risk. You have no meaningful way to verify the identity of a system that presents a self-signed certificate. Since you will hand over administrative credentials to the system running Windows Admin Center, you need to know for certain that an attacker has not injected an imposter system with a convincing self-signed certificate. You should never use self-signed certificates for production systems.

This document will not cover hardening Windows Server. You will find some security links in Appendix 1. If you do not have experience with Windows Server security, spend some time learning about it. You cannot afford to have your WAC system compromised.

THE TRUSTEDHOST LIST AND WINDOWS ADMIN CENTER

By nature, workgroup-joined systems have little security. They have no ability to verify a foreign system’s identity unless it presents a valid PKI certificate. Unfortunately, most inter-computer communications channels do not employ PKI certificates. When WS-Management (the technology that WAC uses to control remote systems) cannot verify the remote system, it will not connect. As a workaround, you can configure the WSMan TrustedHosts list to bypass verification of named systems.

To enable host-to-host communications, WAC’s installer will add * to the WAC server’s TrustedHosts list. That means that it will automatically trust any non-domain computer that it talks to over WSMan. If you prefer, you can manually control the names on the TrustedHosts list.

Set the TrustedHosts list (removes any existing entries, including the *):

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'wgsv1, wgsv2'

To add items to the existing TrustedHosts list:

Set-Item WSMan:\localhost\Client\TrustedHosts -Concatenate -Value 'wgsv3, wgsv4'

To view the list:

Get-Item WSMan:\localhost\Client\TrustedHosts

If you would like to empty the TrustedHosts list, set it to an empty value:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value ''

The above should cover all common uses for the TrustedHosts list. If you have more complicated needs, you can find many resources on the Internet for manipulating it.

Remember two things:

1. TrustedHosts does not enforce security – it bypasses security. Any remote computer only needs to have a name that appears on the list and WAC will happily transmit the credentials that you specify.

2. You only need to make this change on the WAC system. You do not need to touch the targets.

If you attempt to connect to a system that requires an entry in TrustedHosts, you will receive an 0x8009030e error.

Once you add the host to the TrustedHosts list, you can immediately try again.

Domain systems with configured delegation (explained later) often work when not on the TrustedHosts list. However, the various negotiation techniques used by WSMan sometimes fail, and modifying the TrustedHosts list will correct it.
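One way to audit and tighten the TrustedHosts list described above, as an added example that is not part of the original text. The function names and the `$approved` list are hypothetical; `wgsv1` and `wgsv2` are the sample names used in the commands above.

```powershell
# Added example (not from the original text). Run elevated on the WAC host only;
# as noted above, the targets do not need to be touched.

function Get-TrustedHostEntry {
    # Read the WSMan client TrustedHosts value and split it into trimmed names.
    $raw = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    if ([string]::IsNullOrWhiteSpace($raw)) { return @() }
    return @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Test-TrustedHostEntry {
    # Classify each entry: '*' trusts every non-domain host, partial wildcards
    # trust whole name ranges, and anything else must be on the approved list.
    param(
        [string[]]$Entries,
        [string[]]$Approved
    )
    foreach ($entry in $Entries) {
        $finding = if ($entry -eq '*') {
            'TrustsEverything'
        } elseif ($entry.Contains('*')) {
            'Wildcard'
        } elseif ($Approved -notcontains $entry) {
            'NotApproved'
        } else {
            'OK'
        }
        [pscustomobject]@{ Entry = $entry; Finding = $finding }
    }
}

function Set-ApprovedTrustedHost {
    # Replace the list with the approved names and return the previous value
    # so the change can be recorded or rolled back.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Approved)

    $previous = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    $newValue = $Approved -join ','
    if ($PSCmdlet.ShouldProcess('WSMan TrustedHosts', "replace '$previous' with '$newValue'")) {
        # No -Concatenate: the value is replaced, which also drops the installer's '*'.
        Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $newValue -Force
    }
    return $previous
}

# Constructed sample list: the workgroup targets this WAC host is meant to manage.
$approved = @('wgsv1', 'wgsv2')

$report = @(Test-TrustedHostEntry -Entries @(Get-TrustedHostEntry) -Approved $approved)
$report | Format-Table -AutoSize | Out-Host

if ($report | Where-Object { $_.Finding -ne 'OK' }) {
    # -WhatIf only previews the change; remove it to apply.
    $old = Set-ApprovedTrustedHost -Approved $approved -WhatIf
    Write-Host "Previous TrustedHosts value: '$old'"
}
```

Because upgrades rerun the WAC installer, rerunning the audit after each upgrade shows whether the `*` entry has returned.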

PKI CERTIFICATES IN WINDOWS ADMIN CENTER

The installation section covered the salient details of PKI certificates with WAC. To reiterate the major security point of that discussion: use self-signed certificates only for the minimum amount of time. Replace them with true PKI certificates as quickly as possible.

You do not need to purchase a certificate from a public provider. You can easily establish your own internal certification authority. Appendix 1 contains a link to an article that guides you through the process. If you feel that your organization is not large enough to even justify that, then prefer using WAC in desktop mode. That way, you are not providing admin credentials to remote systems with uncertain identity.

CREDENTIALS IN WINDOWS ADMIN CENTER

In order to do its work, Windows Admin Center must pass credentials from you as the web user along to the target system that you want it to manage. The way it works depends on a few factors.

If either machine belongs to a workgroup, WAC will remember the full credential set for the target system for one web session only. When you establish a new session to WAC, you will need to supply the password again.

If both machines share a domain but delegation has not been established, then WAC will likely force you to enter a full credential set. Different browsers have varying degrees of success. If you need to supply an alternative set of credentials, WAC will not save them between sessions.

If both machines share a domain and delegation has been established, then WAC will automatically pass your current credentials through to the target system. If those credentials do not work, then WAC will prompt. It will only retain alternative credentials for the current web session.

Problems with credentials have been a common complaint for WAC since its inception, especially in non-Microsoft browsers. Password pop-up prompts can become frequent and annoying. Microsoft is aware of these problems and has been working on ways to reduce them. For the fewest interruptions, use the Edge browser, try to stay current on WAC versions, ensure that the WAC and target(s) belong to the same domain, and establish delegation.

CONFIGURING KERBEROS DELEGATION FOR WINDOWS ADMIN CENTER

In order to allow the Windows Admin Center server to pass your credentials straight through to a target system without needing to save them, you must configure delegation in Active Directory. To perform this successfully, you need to use a system running Windows 10 or Windows Server 2016 with the latest Active Directory PowerShell module.

Set-ADComputer -Identity 'targetsystem' -PrincipalsAllowedToDelegateToAccount 'wacserver'

See Appendix 1 for a link to a script on GitHub that makes this process easier to perform in bulk.

CONTROLLING ACCESS TO WINDOWS ADMIN CENTER

You can restrict who can access Windows Admin Center, and whether those users can only add their own servers or can also make configuration changes to Windows Admin Center itself. By default, Windows Admin Center grants administrative access to everyone in the WAC host’s local administrators group, and if it belongs to a domain, everyone that belongs to the Domain Administrators group.
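The delegation command above, extended into an added example (not from the original text and not the GitHub script it links to) that keeps any principals already allowed on the target and then reads the setting back. `wacserver` and `targetsystem` are the placeholder names from the command above; the function names are hypothetical.

```powershell
# Added example (not the author's script). Requires the ActiveDirectory module
# and rights to modify the target computer objects.
Import-Module ActiveDirectory

function Get-WacDelegation {
    # List the principals currently allowed to delegate to each target.
    # The module returns them as distinguished names.
    param([Parameter(Mandatory)][string[]]$Target)
    foreach ($name in $Target) {
        $computer = Get-ADComputer -Identity $name -Properties PrincipalsAllowedToDelegateToAccount
        [pscustomobject]@{
            Target     = $computer.Name
            TargetDN   = $computer.DistinguishedName
            AllowedDNs = @($computer.PrincipalsAllowedToDelegateToAccount | ForEach-Object { "$_" })
        }
    }
}

function Enable-WacDelegationForTarget {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Gateway,
        [Parameter(Mandatory)][string[]]$Target
    )
    $gatewayDn = (Get-ADComputer -Identity $Gateway).DistinguishedName
    foreach ($entry in (Get-WacDelegation -Target $Target)) {
        if ($entry.AllowedDNs -contains $gatewayDn) { continue }   # already delegated
        # The parameter replaces the whole list, so merge with the existing
        # entries instead of silently removing another service's delegation.
        $merged = @($entry.AllowedDNs) + $gatewayDn
        if ($PSCmdlet.ShouldProcess($entry.Target, "allow delegation from $Gateway")) {
            Set-ADComputer -Identity $entry.TargetDN -PrincipalsAllowedToDelegateToAccount $merged
        }
    }
}

# Review what is allowed today, preview the change, then read it back.
Get-WacDelegation -Target 'targetsystem' | Format-List
Enable-WacDelegationForTarget -Gateway 'wacserver' -Target 'targetsystem' -WhatIf   # remove -WhatIf to apply
Get-WacDelegation -Target 'targetsystem' | Format-List

# To withdraw delegation from a target entirely, clear the list:
# Set-ADComputer -Identity 'targetsystem' -PrincipalsAllowedToDelegateToAccount $null
```

Any entry in `AllowedDNs` other than the WAC gateway is an account that can act on behalf of users to that target, so review unexpected entries before merging them back.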

WAC only works with groups, not individual users. Create groups as necessary before proceeding.

To make changes to WAC’s security controls, go to the Access tab underneath the Settings link (see the Major Elements of the Windows Admin Center Interface section above for a screenshot). Under the Allowed groups heading, click Add. That will open the following subpage:

In the Name field, type the exact name of the group. You can use the format MACHINENAME\GroupName for local groups or DOMAINNAME\GroupName for domain groups. Select whether you want the group to manage systems and WAC (Gateway administrators) or only to manage systems (Gateway users). Finally, select whether or not the users will authenticate by standard password (Gateway users security group) or by smart card (Smart card security group).

WINDOWS ADMIN CENTER EXTENSIONS

Technically, Windows Admin Center is an empty management framework with a lot of extensions. In the Settings discussion, we glossed over the Extensions section. Let’s return there now to give it proper attention. Click the gear icon at the right of the topmost menu bar, then click the Extensions menu item on the left.

The extensions that you see may differ from the above. You can see a submenu bar below the Extensions header that indicates which of the three Extensions segments that WAC currently displays.

AVAILABLE EXTENSIONS

By default, accessing the Extensions menu brings you to the Available extensions tab. A menu bar immediately below that has two buttons: Install and Update To Latest. WAC will enable the appropriate button when you highlight an item in the list.

Clicking Install will show the following dialog:

Upon clicking Confirm, WAC will attempt to install the extension. If you do get the indicated User Account Control dialog, you will need to try to install the same extension again. The installation occurs asynchronously. WAC will automatically restart your browser session once the installation completes.

Updates work similarly.

If WAC marked an item as Not Compatible, you can hover over it to learn why.

Because the extensions feeds do not filter themselves by WAC release status, you may see extensions that only work with preview versions. Therefore, you might have the most recent production version of WAC but still see links to incompatible extensions.

INSTALLED EXTENSIONS

Click the Installed extensions menu item to switch to that subsection.

Unfortunately, WAC does not show the friendly name for installed extensions. You can likely figure each one out from their relative package names.

Highlighting any of the extensions will light up the Uninstall menu button and, if applicable, the Update button. Each takes you through a self-explanatory process of removal or updating, accordingly.

EXTENSION FEEDS

Clicking the Feeds header shows you the locations that WAC checks for new and updated extensions.

By default, you will have only the default feed from Microsoft. You can add feeds from third party vendors, open-source projects, and even your own internal publication points.

DEVELOP YOUR OWN EXTENSIONS FOR WINDOWS ADMIN CENTER

Windows Admin Center provides an extensible platform for systems management. Microsoft provides a rich software development kit to help you get started.

Appendix 1 provides a link to the WAC SDK page on the Microsoft Docs site.

To ease your development efforts, WAC interacts with your browser’s JavaScript console log. You saw how to set the logging level in the Settings discussion. For most browsers, you can press F12 to bring up your developer tools. You may need to select an additional menu item to see the JavaScript console.

When you open the JavaScript console while viewing a WAC session, it will automatically display a message showing you how to access basic help information to get you started.

Above, you can see the initial output from the suggested MsftSme.help() command.

Appendix 1 includes a link to more information on WAC’s logging capabilities.

ADDING SYSTEMS TO WINDOWS ADMIN CENTER

You can add systems to Windows Admin Center quite simply. From the main list screen, click the Add button. That will show a menu of items to choose from, based on the current list view (All Connections, Server Manager, Computer Management, Failover Cluster Manager, Hyper-Converged Cluster Manager, or another view created by a different extension). The default All Connections view shows the following menu:

All items function essentially the same way, so we’ll only look at adding a server connection. You can add a single server by entering its NetBIOS or fully-qualified domain name in the Server name field. Unless you ticked, WAC will attempt to locate and connect to the server automatically as you type (you may get credential prompts). If the target is in the same domain and you have enabled delegation, it should locate the server and be ready to connect. In most other situations you will receive a credential prompt.

If you click Submit With Credentials, it will add the named system to the list and attempt to connect to it. If you click Submit, it simply adds the server to the list.

When you have delegation properly configured and you access WAC with an account that has administrative credentials on the target, you will not see a credential prompt:

Simply click Submit to add the system to the list.

IMPORT A LIST

You can add new systems by importing a list of systems from a file. In 1809.51 and prior, it only accepts a very simple file with comma-separated or line-separated system names.

In 1903+, the interface indicates that it will now accept some older types of Excel files in addition to pure text files. It also augments the browse feature with drag-and-drop.

As you can see, the Excel parser might not work well (this was from 1903 preview). If you get this and click the Add button, WAC will add these entries to your list.

Warning: WAC may not be able to remove systems with invalid characters! Double-check your input!

SEARCH ACTIVE DIRECTORY (1903+)

Starting with version 1903, you can directly search Active Directory for systems to add.

You can use wildcards and select multiple systems to add in one round. Checking a previously-added system has no effect.

USING WINDOWS ADMIN CENTER

Once you have Windows Admin Center set up and systems added, you can start exploring! WAC starts with an enormous number of built-in extensions. Due to the sheer number of available options, we won’t even try to take you through all of them. Instead, we’ll look at some of the highlights.

Start on the main system list.

Click on any system name to access it. Clicking on any other part of a line simply selects that name. Depending on your security settings, you may get credential prompts – depending on your browser, you might get several.

OVERVIEW

Upon first accessing a system, you land on the Overview page. This screen has two major parts.

At the “upper” part of the window (takes up most of a monitor on most screens, if not more), you see static information about the system, such as its name and operating system, as well as a few transient details such as the uptime.

As you scroll down, you encounter several near-real-time performance readouts.

EXTENSIONS LIST

At the left of the page, in the Tools menu, you find all of the installed extensions that apply to this particular system. Refer to the preceding screenshots for examples. Each of these extensions offers its own functionality. Most don’t (yet) have quite the same level of control as the currently available MMCs, but some go beyond.

The Windows Admin Center pages on the Microsoft Docs site (linked in Appendix 1) give a brief overview of each of these pages. However, you’ll learn the most just by digging in. It does not hide any of the features.

TIPS ON USING WINDOWS ADMIN CENTER

Even though we can’t give a meaningful walkthrough of every aspect of WAC, we can cover a few pointers:

• You can resize many of the elements in Windows Admin Center. As an example, hover your mouse at the right edge of the Tools menu on any system view. When the mouse cursor turns to the east/west icon, you can resize the menu. The same works for most list columns.

• Hovering over the line in a line graph shows information on that data point.

• For Windows Server 2019 and later targets, you can enable the System Insights feature. That gives you historical data tracking and predictive analysis.

• The Windows Admin Center team takes pride in addressing requests on the UserVoice site. If WAC lacks a feature that you desire, start on the UserVoice site. Look to see if someone else has the same request. If you can find one, upvote it. If not, start your own. Appendix 1 contains a link to the WAC UserVoice list.

If you started reading in this section, remember to skim through some of the others. Don’t miss out on the ability to check out the PowerShell that WAC uses or to reduce some of the login prompts with delegation!

Windows Admin Center continues to evolve and improve. Start using it now to ease your management tasks. Keep your version current to enjoy its ever-expanding capabilities.

APPENDIX 1: REFERENCES AND LINKS

This appendix contains links to information that goes beyond or explains what you read in the main text.

Windows Admin Center download and introduction page: https://aka.ms/windowsadmincenter

Windows Admin Center documentation home: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

How to cluster Windows Admin Center: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/deploy/high-availability

Let’s Encrypt, a free public certification authority: https://letsencrypt.org/

How to set up your own PKI: https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/

Windows Admin Center Certificate Selector: https://github.com/ejsiron/CertWAC

Windows Server 2016 Security Guide: http://download.microsoft.com/download/5/8/5/585DF9E9-D3D6-410A-8B51-81C7FC9A727C/Windows_Server_2016_Security_Guide_EN_US.pdf

Windows Server Security home page: https://www.microsoft.com/en-us/cloud-platform/windows-server-security

Source for Enable-WACDelegation.ps1, a script to quickly configure Active Directory delegation for Windows Admin Center to control one or more servers: https://github.com/ejsiron/Poshery/blob/master/Standalone/Enable-WACDelegation.ps1

Getting started with the Windows Admin Center Software Development Kit (SDK): https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/extend/extensibility-overview

Windows Admin Center console logging: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/use/logging

Windows Admin Center UserVoice page (for suggestions and feedback): https://windowsserver.uservoice.com/forums/295071-management-tools

Latest version of .Net Framework for Windows Server 2008 R2 (web installer): https://docs.microsoft.com/dotnet/framework/install/on-windows-7

.Net Framework 4.7.2 (Offline Installer): http://go.microsoft.com/fwlink/?linkid=863265

Windows Management Framework version 5.1: https://www.microsoft.com/en-us/download/details.aspx?id=54616

APPENDIX 2: .NET FRAMEWORK PREREQUISITE

Any system that Windows Admin Center runs on or manages requires at least version 4.5.2 of Microsoft’s .Net Framework. Most supported systems include it as a locally-installable component enabled by default, so you should not need to do anything in most cases. This appendix includes instructions in the event your system has disabled .Net and for 2008 R2, which does not include it.

ENABLING THE .NET FRAMEWORK ON WINDOWS 10

You do not need to do anything special for Windows 10. The 4.x series of the .Net Framework is a core component of Windows 10 that is enabled automatically and cannot be removed. As a best practice, apply updates as Microsoft offers them.

ENABLING THE .NET FRAMEWORK ON WINDOWS SERVER 2012+

Use PowerShell to check the current status of the .Net Framework.

Get-WindowsFeature -Name NET-Framework-45-Features

If the output includes a box with an X in it or shows an Install State of Installed, then you do not need to do anything else.

If not, you can install it easily:

Install-WindowsFeature -Name NET-Framework-45-Features

Windows will automatically select only the basic features needed for the .Net Framework. You do not need any of the advanced components to run WAC.

Backup SolutionsTrusted 71 by 40,000+ Businesses ACQUIRING THE .NET FRAMEWORK FOR WINDOWS SERVER 2008 R2

You can find the latest version of the .Net Framework for Windows Server 2008 R2 on the Microsoft docs site:https://docs.microsoft.com/dotnet/framework/install/on- windows-7. That page links to a small web-based installer. If you need the full package to install offline, you will need to search the Microsoft site for a link to the latest version. The following link downloads version 4.7.2: http://go.microsoft.com/fwlink/?linkid=863265.

Once you have the package, simply run it and follow the prompts.

Backup SolutionsTrusted 72 by 40,000+ Businesses APPENDIX 3: WINDOWS MANAGEMENT FRAMEWORKPREREQUISITE

For Windows Admin Center to function, all involved systems must have at least Windows PowerShell version 5.1. Windows Server 2016 and later automatically fulfill this requirement. For all others, you need to download the Windows Management Framework package.

Download Windows Management Framework 5.1: https://www.microsoft.com/en-us/download/details.aspx?id=54616

To verify that you have the correct version, open a PowerShell prompt and enter $PSVersionTable.

The PSVersion field must show at least 5.1 for WAC to function.

APPENDIX 4: FILE SERVER PREREQUISITE

To fully manage a Windows Server system, it needs to have the basic File Server role installed. In most cases, this will have happened by default so you don’t need to do anything.

Fortunately, you do not need the role installed in advance. So, you can use WAC to enable the feature. Connect to the system and select the Roles & Features extension. Drill down through File and Storage Services, then File and iSCSI Services, and find File Server.

If it does not show a State of Installed, click its box at its far left to check it (the box will remain invisible until you hover over it). At the top, under the main Roles and Features heading, click Install.

Follow any remaining prompts. It should not require a reboot in most cases.

APPENDIX 5: HYPER-V POWERSHELL MODULE PREREQUISITE

To fully manage a system running the Hyper-V role, Windows Admin Center requires that system to have the Hyper-V PowerShell module installed. Fortunately, you can also install this role using WAC.

Follow the directions from Appendix 4 to access the Roles & Features section of the Hyper-V host. Scroll down to the Features heading. Then, drill down through Remote Server Administration Tools, then Hyper-V Management Tools, and locate Hyper-V Module for Windows PowerShell.

Installing the PowerShell module takes effect immediately and does not require a reboot.

APPENDIX 6: ENABLING REMOTE MANAGEMENT

In most cases, remote management will have been enabled when Windows was installed. For Windows Server Core, you might need to set it manually. Some Desktop Experience systems might also have remote management disabled. In both systems, you can use the sconfig tool to quickly correct that. You will also find the setting to enable Remote Desktop connections.

1. At a command prompt, type sconfig and press Enter.

2. If 4) Configure Remote Management shows Disabled, enter 4 and press Enter.

3. At the prompt, type 1 and press Enter. You should see a brief status change. If you receive a pop-up that the settings are locked by the administrator, then you will need to work with your Group Policy administrator to override.

4. Press 4 to return to the main screen.

5. (Optional) to enable Remote Desktop connections, press 7 and Enter.

6. Type E and Enter to enable Remote Desktop.

7. Choose 1 or 2 to match your desired security level and press Enter.

8. You will receive a pop-up indicating failure or the new setting.

9. It will automatically return you to the main menu. Enter any of the desired options of 12 or greater to exit.

Once you have enabled Remote Management, Windows Admin Center will only require valid credentials to connect.
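The PSVersion requirement and the prerequisites from Appendices 4 to 6 can be audited in one read-only pass before a server is added to WAC. The following is an added example, not code from the eBook; the function name is hypothetical, and `FS-FileServer` and `Hyper-V-PowerShell` are the Windows Server feature names for the File Server role and the Hyper-V Module for Windows PowerShell.

```powershell
# Added example (not from the eBook): read-only audit of a WAC target system.
# Run in an elevated PowerShell session on the Windows Server being checked.
function Test-WacTargetPrerequisite {   # hypothetical name
    [CmdletBinding()]
    param(
        [switch]$HyperVHost   # also check the Hyper-V PowerShell module
    )

    # PowerShell 5.1 or later
    $v = $PSVersionTable.PSVersion
    $psOk = ($v.Major -gt 5) -or ($v.Major -eq 5 -and $v.Minor -ge 1)
    [pscustomobject]@{ Check = 'PSVersion >= 5.1'; Passed = $psOk; Detail = "$v" }

    # Appendix 4 and 5: File Server role and Hyper-V PowerShell module
    $names = @('FS-FileServer')
    if ($HyperVHost) { $names += 'Hyper-V-PowerShell' }
    foreach ($f in Get-WindowsFeature -Name $names) {
        [pscustomobject]@{ Check = "Feature $($f.Name)"; Passed = $f.Installed
                           Detail = "$($f.InstallState)" }
    }

    # Appendix 6: remote management (WinRM) must answer locally
    $svc = Get-Service -Name WinRM
    try   { $null = Test-WSMan -ErrorAction Stop; $answers = $true }
    catch { $answers = $false }
    [pscustomobject]@{ Check = 'Remote Management (WinRM)'; Passed = $answers
                       Detail = "Service $($svc.Status), start type $($svc.StartType)" }

    # Appendix 6, optional: Remote Desktop state and its security level
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    $nla = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1
    if (-not $rdp) { $detail = 'Remote Desktop disabled' }
    elseif ($nla)  { $detail = 'Enabled, Network Level Authentication required' }
    else           { $detail = 'Enabled, Network Level Authentication not required' }
    [pscustomobject]@{ Check = 'Remote Desktop requires NLA if enabled'
                       Passed = (-not $rdp) -or $nla; Detail = $detail }
}

Test-WacTargetPrerequisite -HyperVHost | Format-Table -AutoSize
```

Omit `-HyperVHost` on servers that do not run the Hyper-V role. The Remote Desktop check reads only the local registry values, so a setting enforced through Group Policy may differ from what it reports.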

ABOUT THE AUTHOR

Eric Siron - Microsoft Cloud & Datacenter Management MVP

Eric has worked in IT since 1998, designing, deploying, and maintaining server, desktop, network, and storage systems. He has provided all levels of support for businesses ranging from single-user through enterprises with thousands of seats. He has achieved numerous Microsoft certifications and was a Microsoft Certified Trainer for four years. Eric is also a seasoned technology blogger and has amassed a significant following through his top-class work on the Altaro Hyper-V Dojo.

ABOUT ALTARO

Altaro Software is a fast-growing developer of easy-to-use backup solutions which backs up and restores both Hyper-V and VMware-based virtual machines, built specifically for MSPs and SMBs customers with up to 50 host servers. Altaro take pride in their software and their excellent level of personal customer service and support, and it shows. Founded in 2009, Altaro already services over 40,000 satisfied customers worldwide and are a Gold Microsoft Partner for Application Development and Technology Alliance VMware Partner.

PUBLISHED BY Altaro Software http://www.altaro.com

Copyright © 2018 by Altaro Software

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means without the prior written permission of the publisher or authors.

WARNING AND DISCLAIMER

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

FEEDBACK INFORMATION

We’d like to hear from you! If you have any comments about how we could improve the quality of this book, please don’t hesitate to contact us by visiting www.altaro.com or sending an email to our Customer Service representative Sam Perry: [email protected]
