16/19 Managing Windows with Windows Admin Center Table of contents

1. Why browser-based admin tools? 3|

2. Admin Center versus existing tools 4|

3. WAC not yet a replacement for RSAT 5|

4. Components of Windows Admin Center 6|

5. Installation and operation 7| Management via PowerShell, WMI and WinRM Supported web browsers Integration with Azure Installing Windows Admin Center on Server Core

6. Setting access rights via roles 11| Controlling access to the gateway Roles for the management of target systems Activating access controls, assigning roles Rudimentary role concept limits delegation options

7. Installing the Hyper-V role and configuring the host 16| Adding roles Creating a vSwitch Strengths and weaknesses of WAC for Hyper-V management

8. Creating and configuring virtual machines 19| Creating a new VM Installing the guest OS Subsequently changing VM settings Creating and managing snapshots

9. Activating Remote Desktop and starting it in the browser 24| Error when activating firewall rules Tools as RemoteApp

10. Copying files to a 27| Files tool in Admin Center

11. Summary 29| thomas-krenn.com | 3

Managing /2019 with Windows Admin Center

With Windows Admin Center (WAC), Admin Center is Microsoft’s second attempt to is joining the industry trend towards web-based develop web-based tools for the management of management tools – though somewhat later Windows servers. It’s first was Server Management than most. While still a long way from its final Tools (SMT) – an Azure service that was discontinued release stage, the manufacturer recommends it in mid-2017. WAC, on the other hand, is a pure on- for managing . Admins must premises solution that users install on their own therefore expect to juggle a range of different tools computers. for the Microsoft platform over an extended period.

1. Why browser-based admin tools?

The main advantage of web-based admin tools is offers for assigning access rights. clear: They do not require the installation of software Finally, browser-based tools are an advantage on the end device and can run on practically any when hybrid environments consisting of local and device with a modern browser installed. This is a cloud-based resources are to be managed via a particular strength when administrative tasks are single interface. Services in the public cloud are to be delegated to standard users in specialist inherently designed for management via web . departments. One argument against browser consoles for a For such scenarios, it should be possible to reduce the long time was the poor usability of web interfaces. web interface to the required functions. However, Today’s web technologies, however, allow the this requires a role concept that allows flexible development of interfaces that are on a par with customization of the GUI and can also be used to their desktop counterparts in terms of convenience. control the permissions of the respective users. A Windows Admin Center has a modern web GUI that separate section in this text therefore examines the provides dynamically updated performance charts. question of which options Admin Center currently thomas-krenn.com | 4

WAC uses a modern web interface that displays important indicators in live charts. (Windows-Admin-Center-Leistungsindikatoren.png)

2. Admin Center versus existing tools

In addition to WAC, which appeared in its first official whose focus is on Unified Endpoint Management. version in Q2 2018 with Windows Server 1803, With the recent introduction of the ability to Microsoft has a broad portfolio of management distribute Win32 applications, cloud-based tools. These include Remote Server Administration software is increasingly entering System Center Tools (RSAT), System Center products and the SaaS Configuration Manager (SCCM) territory. tool Intune. Admin Center has very little overlap with the By contrast, Admin Center is to be seen as an heavyweight tools of the System Center family. alternative to RSAT, which it will probably replace Products such as the Configuration-, Operations- in the long run. As the example of vSphere shows, or Service Manager cover tasks for which Admin porting complex tools from the desktop to the Center is not intended. Functional overlaps exist browser can take a long time. However, VMware with the not too popular Virtual Machine Manager recently completed this transition after developing (SCVMM). Incidentally, a “webification” of System a Flash-based web client. Microsoft is still at the Center is still largely pending. beginning of this process with WAC. There is similarly little competition with Intune, thomas-krenn.com | 5

3. WAC not yet a replacement for RSAT

Admin Center, like RSAT, is primarily used to manage Admin Center does not nearly have all the functions roles and features provided by Windows Server. of RSAT at this point, yet it already offers exclusive Unlike VMware, which equipped the vSphere web features for managing Windows Server 2019. client with the functions of the native Windows For instance, if you don’t want to forgo a graphical client, the relationship between RSAT and WAC is admin UI for certain aspects of the current server more complicated. (e.g. storage migration services or system insights), then you’ll need to use WAC.

Only WAC provides a GUI for capacity planning with system insights. (Windows-Admin-Center-System-Insights.png)

The functionality of Admin Center in relation to RSAT can be categorized as follows:

WAC has features that are: • Incomplete compared to the Microsoft Management Console (MMC) tools. This applies to most components.

• Largely feature-complete. This applies, for example, to the management of Hyper-V. A separate section below shows how WAC manages such a relatively complex system component. thomas-krenn.com | 6

• Unique and not present in RSAT, such as Storage Spaces Direct monitoring. This also includes useful little helpers like an RDP web client and a file upload service, which are also covered here.

• Missing completely. This applies to important services such as , DHCP, DNS and .

There is no exact timetable as to when which Term Servicing channel. functions will be added. However, Microsoft is Due to the fast update cycles, Admin Center is publishing previews of WAC in relatively short not yet included in the scope of delivery for the intervals and has so far released an official version operating system. for each server release in the Semi-Annual or Long-

4. Components of Windows Admin Center

WAC consists of four components: It can also be used to control Cluster-Aware Server Manager: This includes functions to manage Updating. The web variant, however, is not yet able the (as of now supported) roles and features of to set up failover clusters; for this, you still have to Windows Server. In contrast to the tool of the same fall back on the classic tools. name in RSAT, which was given the capability for Hyper-Converged Cluster Manager: Windows multi-server management in version 2012, only clusters running virtual machines and individual computers can be managed with WAC. simultaneously providing software-defined storage Computer Management: This is used to manage with Storage Spaces Direct could initially only be PCs. Its functions largely overlap with managed through PowerShell. WAC is currently those of the MMC program of the same name. the only graphical management tool for these Failover Cluster Manager: At first glance, this is the configurations. Its dashboard provides all the web equivalent of the MMC-based tool of the same essential metrics of such an environment, which name. It allows for the management of a server Admin Center can manage and monitor, but cannot group’s resources such as disks, networks, cluster set up. nodes, roles, VM, and vSwitches.

The Windows Admin Center modules (Windows-Admin-Center-Komponenten.png) thomas-krenn.com | 7

In addition to these four modules and the functions Currently, there are mainly extensions from they contain, Admin Center has a mechanism for hardware manufacturers that allow users to adding extensions. It allows Microsoft or third-party monitor servers or storage systems. vendors to mount their tools in the web console.

5. Installation and operation

Installation is surprisingly simple: If you expected versions 2016 and newer. that you would have to activate and configure the Since Preview 1802, a high-availability deployment Internet Information Services (IIS) first, you will in a failover cluster is also planned. be pleasantly surprised. The software comes with The web tools can be installed on Windows Server its own web server, which is established with the 2016 and 2019 as well as on Windows 10. Older setup. versions of the server OS from 2012 are also The whole process entails opening the MSI installer supported but will require a current version of and navigating three dialog boxes for essential the Windows Management Framework. A limited settings. It supports Windows 10 x64 and Server number of features function with Server 2008 R2.

To install Admin Center, you need at least Windows 10 or Server 2016 or 2019 (windows-admin-center-server-2012r2-setup.png). thomas-krenn.com | 8

A specific feature of installing WAC on Windows be established with this server in order to use it as Server is that you can upload or create an SSL a gateway for the management of other machines. certificate. This allows secure HTTPS connections to

When WAC is installed on a Windows server, it serves as a gateway to manage other resources. Source: Microsoft (Admin-Center-Architektur.png)

However, this does not work if you install the web a gateway. tools on a client PC running Windows 10. As a result, rights management is also not available In this case, you can only manage remote systems in this case. from this particular machine – it cannot be used as

Management via PowerShell, WMI and WinRM

There is no need to install any software on the be activated and the firewall configured accordingly. managed computers. Communication from the gateway machine running the management tools This is the default setting with Windows servers to the managed servers in the background is since version 2012. If the target systems are performed via Remote PowerShell and WMI over members of a workgroup, you must first add them WinRM. Therefore, as with PowerShell, WinRM must to the TrustedHosts list. thomas-krenn.com | 9

With Windows Admin Center, servers can be managed from version 2012 and newer while limited support is available for Server 2008 R2 since version 1806. (windows-admin-center-server-2012r2.png)

Supported web browsers

A major advantage of web-based consoles is that While Windows Admin Center will run on , you can manage systems from any device that the manufacturer does not support it and it cannot has a modern browser. However, Microsoft only be run on IE. supports and Edge on Windows 10 currently.

IE – the only browser natively available under Windows Server – is not supported (Windows-Admin-Center-IE11.png) thomas-krenn.com | 10

This results in the paradoxical situation where the server console as it has neither of the two required new admin tools cannot be used with the default browsers.

Integration with Azure

Although Admin Center is a pure on-premises addition to local servers. solution, Microsoft is positioning it as a hybrid cloud For this purpose, Admin Center has been supporting management tool. This means that Windows Azure AD authentication since Preview 1803. servers in an Azure VM can also be managed in

Access rights to the gateway can also be configured for Azure AD users. (windows-admin-center-azure-ad.png)

Installing Windows Admin Center on Server Core

The browser-based management GUI for Windows Here, you must provide the essential parameters does not require a server with an installed desktop when using the msiexec function. It is important to experience – it can also be set up on Core. In this note that, under PowerShell, the installer expects case, starting a silent installation right from the the absolute file path to the MSI package. command line is the way to go. This option also Further parameters include the port for connecting works, of course, on a server with a GUI. to Admin Center and the selection of the certificate: Usually, Windows servers nowadays run in a VM, so you have to transfer the MSI package there first. msiexec /i C:\Users\me\WindowsAdminCenter1804. For this task, we recommend the PowerShell Copy- msi /qn /L*v log.txt SME_PORT=443 SSL_ VMFile cmdlet on Hyper-V. After the successful CERTIFICATE_OPTION=generate transfer, you can start the installation process on the Server Core command line. thomas-krenn.com | 11

Installing Windows Admin Center from the command line (windows-admin-center-install-cli.png)

In this example, Admin Center would use the that already exists on the computer, you have to default SSL port (443) and generate a certificate specify it instead. itself during setup. If you want to use a certificate

SSL_CERTIFICATE_OPTION=generate or for existing certificates: SME_THUMBPRINT= SSL_CERTIFICATE_OPTION=installed

If you want to remove Admin Center, you will need to use msiexec again: msiexec /x C:\Users\me\WindowsAdminCenter1804.msi

Uninstalling Windows Admin Center from the command line (windows-admin-center-uninstall-cli.png)

A confirmation window will appear as the final step for removing the software.

6. Setting access rights via roles

Web-based tools, such as Admin Center (WAC), are Administration”) that grants non-administrators particularly useful for delegating tasks to standard the necessary rights. users. In such cases, however, it is important to limit On this point, Windows Admin Center represents their rights to what is strictly necessary. For this, a clear advance over the traditional tools based WAC has a role concept based on JEA (“Just Enough primarily on the MMC. thomas-krenn.com | 12

These older tools do not allow a granular allocation Rights Management controls both access to the of permissions. gateway itself and the managed endpoints. WAC, on the other hand, has role-based permission management from the outset. However, this is only available if WAC was installed in gateway mode on a Windows server.

Controlling access to the gateway

By default, only users with administrative rights can the settings, which can be accessed via the gear connect to the gateway. Other accounts must first symbol in the top right-hand corner. be explicitly added, although direct assignment of However, the Gateway section is only visible if you individual users to roles is not possible. Rather, the open Admin Center from a Windows session where tool only allows local or AD groups. you are logged in as an administrative user. Admin Center provides two roles for controlling The Access side tab opens a page on which you access to the gateway: gateway administrators can assign rights to normal users using the “+ Add” and gateway users. The latter are not allowed to button under Allowed Groups. Enter the name of change any settings for the gateway and have no the group in the respective field. An Active Directory access to rights management. search is not possible, so you have to type in the full name manually. The assignment of roles to user groups is done in

Granting gateway access for user groups (Windows-Admin-Center-Gateway-Benutzer.png) thomas-krenn.com | 13

Please note that the mere name of the group is In addition to selecting the role, the user group can sufficient if it is located in the same domain as be assigned to the smart card security group, which the gateway server. A notation according to the forces users to log on using a smart card. domain\group pattern is therefore not required.

Roles for the management of target systems

When an account is granted access to the gateway, allow access to the managed endpoints. it is not automatically granted permissions for These are: machines that are to be managed via Admin Center. • Windows Admin Center Administrators To do that, users need administrative rights on each • Windows Admin Center Hyper-V endpoint. Administrators By default, only those users whose account is a • Windows Admin Center Readers member of the local administrators group on each target machine can manage computers through Administrators can use most Admin Center WAC. tools and features, though Remote Desktop and However, Admin Center comes with three predefined PowerShell remain hidden and the settings for a roles, which can also be used by standard users to machine cannot be opened.

Accessing Admin Center with restricted permissions (Windows-Admin-Center-Rollen-Hyper-Admins-Zugriff.png) thomas-krenn.com | 14

As the name suggests, Hyper-V Administrators all three groups are not permitted to make Remote are limited to managing the hypervisor and virtual Desktop connections, Hyper-V Admins cannot view machines, and Readers get read-only access. Since VM consoles in WAC.

Activating access controls, assigning roles

To be able to use these user roles, you need to This action configures the server as an endpoint enable role-based access control in the settings of for JEA and downloads the PowerShell modules each target computer. required by WAC to the machine.

Activating role-based access control (Windows-Admin-Center-Rollenbasierte-Zugriffsteuerung.png)

In addition, three local groups are created whose add them to these newly created local groups. names are identical to those of the roles. To assign This task can be automated through group policies. users or groups with the permissions of these roles, thomas-krenn.com | 15

Benutzer zu den Gruppen für das Admin Center hinzufügen (Windows-Admin-Center-Rollen-Hyper-Admins.png)

In larger environments, this interactive configuration The detour with the local groups can be avoided by of endpoints is not practical. In such cases, you can adapting the JEA files accordingly and assigning the download the entire package, consisting of the JEA roles directly to an AD group. The exact procedure is and DSC files and the PowerShell modules, and described in this documentation. distribute it to the target machines via the preferred mechanism.

Rudimentary role concept limits delegation options

Building on WMI, WinRM and PowerShell, permissions. For instance, Hyper-V Administrators Admin Center takes advantage of Just Enough are not only delegated the management of certain Administration to give users the rights they need to VMs; they are also able to edit or delete vSwitches. manage certain machines, regardless of their other privileges. The biggest drawback of role-based access control However, this mechanism is currently limited to in Admin Center is that you cannot currently define three roles – allowing only a very rough allocation of your own roles and assign granular rights to them. thomas-krenn.com | 16

7. Installing the Hyper-V role and configuring the host

Hyper-V is one of the few components that can be Manager and Hyper-V Manager. administered almost completely via the browser Once you have added the server to the list of in Admin Center. This applies both to adding the managed computers, you can use the WAC gateway Hyper-V role and the subsequent adjustment of the to start the necessary actions. The endpoint does settings. When using the traditional GUI tools for not require any software, such as an agent. this, you would need two of them: namely, Server

Adding roles

The first step is to select the menu item Role & on the plus symbol (“Install” button). Features from the navigation bar. In the list that Since the installation of Hyper-V requires a restart, appears, select Hyper-V and add the role by clicking you can also enable the automatic restart option.

Installing the Hyper-V role via WAC (Windows-Admin-Center-Hyper-V-Rolle-installieren.png)

As soon as the server is available again, you can left navigation bar. start configuring the most important parameters. The page currently displays five menu items in the This is done under Settings, the bottom entry in the Hyper-V Host Settings section. thomas-krenn.com | 17

Settings for Hyper-V in Admin Center and Hyper-V Manager (Windows-Admin-Center-Hyper-V-Manager-Host-Einstellungen.png)

They largely correspond to those in Hyper-V networks. Also missing are the configurations for Manager, except that the paths for VMs and virtual Hyper-V replica and the virtualization of GPUs on RD drives are grouped under “General” up virtual Virtualization Hosts.

Creating a vSwitch

Before you can start setting up virtual machines on and set. For this task, there is a separate entry in the the host, you need to create one or more vSwitches Admin Center navigation bar called Virtual Switches.

Creating a virtual switch for Hyper-V in Admin Center (Windows-Admin-Center-Hyper-V-vSwitch.png) thomas-krenn.com | 18

When creating a new switch, you can only specify Other options, such as adding a description, only its name and select the type (external, internal, become available when you save the new vSwitch private). If you choose “external”, the tool displays and then edit its settings. In contrast to Hyper the available NICs to which you can bind the V-Manager, you cannot assign a VLAN ID for the vSwitch. network of the management operating system.

Strengths and weaknesses of WAC for Hyper-V management

If you follow the previously described instructions and slower than the MMC-based tools. through to the operational Hyper-V host, the Moreover, some settings are missing – though they question arises as to the advantage of using Admin tend to be ones that are rarely used. Instead, WAC Center for this task. offers a dashboard that presents a host’s most The web console’s reactions are noticeably rougher important metrics and log entries in a clear way.

WAC dashboard for monitoring Hyper-V (Windows-Admin-Center-Hyper-V-Virtuelle-Computer-Dashboard.png)

Scenarios are also conceivable in which the WAC the management of Hyper-V servers from outside gateway is placed in the DMZ – thereby enabling the corporate network. thomas-krenn.com | 19

However, admins who manage their environment likely stick with the conventional tools. from a Windows workstation in the LAN will most

8. Creating and configuring virtual machines

So, while there are hardly any occasions to set up In addition, integration with cloud services such as and configure hosts via the browser tools, WAC Azure Site Recovery or Azure Update Management offers some real advantages when managing VMs. makes it easy to back up VMs and update guest In hybrid environments, it can be used to administer operating systems. both Hyper-V and Azure VMs from a single console.

Creating a new VM

While creating a new virtual machine in Hyper-V There you click on the “+ New” button and enter Manager is done using a wizard, WAC uses a single the required data for the new VM. These include the web form for the task. This can be opened by name of the VM, the drive and directory where the following the Virtual Machines link in the navigation VM is to be stored, the number of virtual CPUs and and then switching to the Inventory tab page. the amount of memory.

Creating a new virtual machine (Windows-Admin-Center-Hyper-V-Neue-VM.png) thomas-krenn.com | 20

Here, you can also select the VM generation (1 or 2), It should be noted that, as a rule, mounting an ISO the network and an existing drive under “Memory file from a network share does not work. The reason => Add drive” if you don't want to create a new one. for this is that the credentials used to log on to the In addition, the VM can be immediately assigned Hyper-V host are not passed on to the computer an ISO image as a virtual DVD drive to install the on which the file share is located. In this case, you guest OS. need to set up a Kerberos delegation first.

Installing the guest OS

Before starting the VM, you should check your Settings. settings to ensure that the DVD is first in the boot On the resulting page, select “Boot order”. With order. To do this, select the VM on the overview the help of the arrow symbols, you can change the page, open the “More” drop-down menu and select position of the entries.

Changing the boot order in the settings of a VM (Windows-Admin-Center-Hyper-V-VM-Startreihenfolge.png)

In Hyper-V Manager, you would connect to the VM same, except that you have to turn on the VM at this point and then start it. Once the appropriate before connecting to it. To do this, you open the message is displayed, you would press a button to “More” drop-down menu and select “Connect”. start the VM from the virtual DVD drive. This will start the RDP web client, provided you have In Admin Center the procedure is basically the previously enabled the Remote Desktop feature on thomas-krenn.com | 21

the host. This means you have no opportunity to press a Note: The current official WAC release 1809 is button to boot from DVD. suffering from a serious bug that prevents it from Using “Send CTRL+ALT+DEL”, however, you can connecting through the RDP web client. This is fixed restart the VM. Once you have done this, you should in preview version 1809.5. immediately press a key while the browser window However, you will notice that connecting via the is still white instead of waiting for an on-screen web client now takes so long that the VM attempts prompt. to boot from the network via PXE.

After connecting to the VM, you have to restart it via “Send Ctrl + Alt + Del” (Windows-Admin-Center-Hyper-V-VM-Boot-Fehler.png)

An alternative is to download the .rdp file, which is This variant also requires a restart of the VM while available in the same menu when the VM is running. the RDP client is open (via More => Reset). In this case, you would connect via the native RDP With this option, however, one breaks away from client. the purely web-based approach and thereby negates one of the main advantages of WAC. thomas-krenn.com | 22

Installation des Gast-OS über den integrierten RDP-Web-Client (Windows-Admin-Center-Hyper-V-VM-RDP-Installation.png)

From here, the interactive installation of the guest response behavior is completely satisfactory. OS progresses as normal and the RDP web client’s

Subsequently changing VM settings When creating a new VM through Admin Center, soon as you have saved the VM. the web form only allows you to configure the most Similar to Hyper-V Manager, not all parameters can important settings. All others can be changed as be edited when the VM is running.

Settings for VMs in WAC versus Hyper- V-Manager (Windows-Admin- Center- Hyper-V-VM-Einstellungen.png) thomas-krenn.com | 23

If you open the page under More => Settings, you Management under Networks. will find a list with eight categories, ranging from One of the most common tasks in VM management General and Memory to Networks and Checkpoints. is changing the operating state, i.e. starting, This largely corresponds to what Hyper-V Manager stopping, shutting down the guest, or turning it off. offers. However, in some categories individual All of these actions can be performed through the settings are missing – such as Bandwidth browser interface.

Starting, stopping and shutting down VMs via Admin Center (Windows-Admin-Center-Hyper-V-VM-Betriebszustand.png)

Creating and managing snapshots Admin Center can also be used to create and command from the “More” drop-down menu. manage checkpoints. The type (production vs. This opens a dialog in which you can enter a name standard), as well as the storage location, can for the checkpoint. If this is left empty, the system be defined in the mentioned settings, where the will assign a designation based on the date and feature can also be deactivated. time. To create a snapshot, you can use the corresponding

Creating a checkpoint for a VM in Admin Center (Windows-Admin-Center-Hyper-V-VM-Snapshot-anlegen.png) thomas-krenn.com | 24

The snapshots cannot be managed from the the Checkpoints section, you can then apply, delete, context of the Inventory list, but rather by following or rename snapshots. the link that is attached to the name of the VM. In

Managing VM snapshots (Windows-Admin-Center-Hyper-V-VM-Snapshot-verwalten.png)

On this page, Admin Center also provides an WAC is therefore better suited for monitoring VMs overview of the VM’s most important performance than Hyper-V Manager. data, which is also displayed as live charts.

9. Activating Remote Desktop and starting it in the browser

In general, administrative remote access to the WAC has a unique feature among the Server console is losing relevance. tools with the web client for Remote Desktop. This However, since Admin Center cannot yet replace not only allows you to open a complete desktop, the conventional GUI tools, it attempts to close the but also individual programs as RemoteApps – such gaps by connecting to a managed server via RDP as MMC-based tools. and performs tasks there with conventional tools.

Server Manager in Admin Center’s Remote Desktop client (admin- center-remotedesktop.png) thomas-krenn.com | 25

If you select the menu item Remote Desktop from display a button that opens the corresponding the WAC navigation bar, the tool will indicate if the settings. feature is not active on the target computer and

Admin Center will notify you that Remote Desktop is not enabled on the target machine and will offer to turn it on. (admin-center-remotedesktop- deaktiviert.png)

Here, you can activate Remote Desktop on the to only allow computers with network-level remote computer and activate the security option authentication.

Activating Remote Desktop in Admin Center (admin-center-remotedesktop-aktivieren.png) thomas-krenn.com | 26

Error when activating firewall rules

As soon as you attempt to save this setting, WAC operation runs into a translation-related error on tries to activate the firewall rules responsible German machines. for Remote Desktop on the server. However, the

Admin Center cannot activate the firewall rules for Remote Desktop on a German Windows machine. (admin-center-remotedesktop-aktivieren-firewall-fehler.png)

In this case, you have to change the settings By entering “Remote Desktop” in the search box, manually by switching to Firewall in the navigation you can find the rules that apply to it and activate bar and then to the tab Incoming rules. them manually.

Manually enabling firewall rules for Remote Desktop (admin-center-remotedesktop-aktivieren-firewall-regel-aktivieren) thomas-krenn.com | 27

Tools as RemoteApp

Now, nothing should stand in the way of item called RemoteApp (it’s a known problem that establishing a Remote Desktop connection. The it sometimes doesn’t appear in the list. connection will show the complete desktop of the If it isn’t displayed, you have to adjust the URL server. Alternatively, Admin Center offers the option manually as shown in the screenshot below). Here to activate the RemoteApp tool when activating you can enter individual applications that you want Remote Desktop access (see screenshot above). to access this way – for instance, MMC-based or After reloading the page in the browser, the Admin other GUI tools. Center navigation bar should contain another menu

Adding a program as a RemoteApp to Admin Center (admin-center-remoteapp.png)

Overall, the load times of the web-based RDP sporadically resort to this option. client are relatively long, so you will probably only

10. Copying files to a Windows server

If you want to transfer files to a server – for On Server Core, however, Remote Desktop is usually instance, to install or configure software – Windows deactivated, so that this option is not available Admin Center provides a browser-based alternative there. to the known methods. In addition to uploading In this case, another option is offered by PowerShell, and downloading, the tool also supports other file which added the two new parameters ToSession operations. and FromSession to the Copy-Item cmdlet in If you need to upload files to a server as an version 5. But to do that, you first have to set up a administrator and that server has no shares, the remote session to the target machine. usual method is to copy them via an RDP connection. thomas-krenn.com | 28

Files tool in Admin Center

The latest option for transferring files to a server managed via the gateway mode can be addressed comes from Windows Admin Center. If you’re so that no share or Remote Desktop has to be managing servers with this tool anyway, then it configured or installed on the target computers. only makes sense to perform file transfers this way The corresponding function can be found under the as well. menu item Files. Here, you can navigate through Using WAC here offers several advantages. First, the of the remote computer and select it is a browser-based tool that provides a GUI for the destination directory for the copy operation. file operations even if the target is a Server Core While the Download button is located directly in machine. On the other hand, all computers that are the menu bar, Upload is hidden under More.

Uploading files in Windows Admin Center (windows-admin-center-file-upload.png)

As you will quickly notice, this method also has a per operation and can’t transfer entire folders. drawback. It only allows the copying of a single file

When uploading ZIP archives, you can have them unzipped automatically. (windows-admin-center-dateien-upload- zip.png) thomas-krenn.com | 29

If you upload a ZIP file, you can unzip it automa- under Share, which opens a relatively simple dialog tically. To do this, activate the option “Extract file box. after upload”. Alternatively, you can use the Extract Once more, it is quickly apparent that Admin Center command from the More menu. is relatively poorly equipped compared to the native In addition to transferring files, this tool also allows Windows tools. If you want to share a directory not you to delete and rename files as well as create only via SMB, but perhaps also via NFS or configure folders. Since version 1807, the module can also features like SMB encryption, quotas or offline files, share files and folders in the network. The new you will still need to use Server Manager. function is hidden in the More drop-down menu

11. Summary

With Windows Admin Center, Microsoft is following interface does not yet exist. an industry-wide trend toward web-based admin In addition, the rudimentary role concept does not consoles. This results in significant advantages for allow for the granular delegation of tasks. users, such as platform independence on the client, What’s clear is that Microsoft is continually the easier delegation of tasks to standard users developing Admin Center and providing new and the management of private and public cloud releases at quick intervals. However, there is no resources via a single interface. explicit roadmap as to when and whether the web- At the moment, Admin Center only scratches the based tools will cover further roles and features of surface of what is possible here as it only supports Windows Server – particularly the management of Google Chrome and on Windows 10 Active Directory or Remote Desktop Services. at the frontend while a mobile version of the web thomas-krenn.com | 30

Microsoft promotes Admin Center each time Server Manager starts in Windows Server 2019. (Windows-Admin-Center-Hinweis-Server-Manager.png)

Currently, WAC can only replace RSAT in a few areas. Another positive aspect is the advanced integration At the same time, it provides a GUI for Windows of Azure services, which are foreign to MMC-based Server features that cannot be managed with RSAT. tools. So, if you don’t want to limit yourself to This includes hyper-convergent infrastructures and PowerShell, you will have to get used to the idea of new Windows Server 2019 features such as System using both RSAT and WAC over the longer term. Insights and Storage Migration Services. Thomas-Krenn.AG Speltenbach-Steinäcker 1 D-94078 Freyung thomas-krenn.com