Windows Admin Center (WAC)

Now forget everything I just told you about remote server management and focus here instead. I'm kidding…sort of. All of the tools we have already discussed are still stable, relevant, and great ways to interact with and manage your bunches of Windows servers. However, there's a new kid in town, and Microsoft expects them to be very popular.

Windows Admin Center (WAC) is a server and client management platform that is designed to help you administer your machines in a more efficient manner. This is a browser-based tool, meaning that, once installed, you access WAC from a web browser, which is great. No need to install a management tool or application onto your workstation—simply sit down and tap into it with a URL.

WAC can manage your servers (all the way back to Server 2008 R2), your server clusters, and even has some special functionality for managing hyper-converged infrastructure clusters. You have the ability to manage servers hosted on-premises as well as inside Azure, and you can even manage client machines in the Windows 10 flavor.

Windows Admin Center even has support for third-party vendors to be able to create extensions for the WAC interface, so this tool is going to continue growing. If you have been following along with the test lab configuration in the book so far, you will recognize the words "Windows Admin Center" from a pop-up window that displays itself every time that Server Manager is opened. Microsoft wants administrators to know about WAC so badly that they are reminding you that you should start using it every time that you log into a Server 2019 box, as shown in Figure 2.26:

Figure 2.26: Even Server Manager recommends using WAC

Installing Windows Admin Center

Enough talk, let's try it out! First, we need to choose a location to install the components of WAC. True, I did say that one of the benefits was that we didn't need to install a client software component, but what I meant was that once WAC is implemented, then tapping into it is as easy as opening up a browser. That website needs to be installed and running somewhere, right? While you could throw the whole WAC system onto a Windows 10 client, let's take the approach that will be more commonly utilized in the field and install it onto a server in our network. I have a system running called WEB3 that is not yet hosting any roles or websites; it's just an empty server at this point. Sounds like a good place for something like this.

Download WAC from here: https://www.microsoft.com/en-us/windows-server/windows-admin-center.

Once downloaded, simply run the installer on the host machine. There are a few simple decisions you need to make during the wizard, most notable is the screen where you define port and certificate settings. In a production environment, it would be best to run port 443 and provide a valid SSL certificate here so that traffic to and from this website is properly protected via HTTPS, but, for my little test lab, I am going to run 443 with a self-signed certificate, just for testing purposes. Don't use self-signed certificates in production!

Figure 2.27: Installing WAC

Once the installer is finished, you will now be hosting the Windows Admin Center website on this server. For my particular installation, that new web address is https://WEB3.contoso.local.

Launching Windows Admin Center

Now for the fun part, checking this thing out. To tap into Windows Admin Center, you simply open up a supported browser from any machine in your network and browse to the WAC URL. Once again, mine is https://WEB3.contoso.local. Interestingly, Internet Explorer is not a supported browser. Microsoft recommends Edge but also works with Chrome. I am logged into my Windows 10 workstation, and will simply open up the Edge browser and try to hit my new site, as shown in Figure 2.28:

Figure 2.28: Opening a WAC URL in Microsoft Edge

As you can see, I am dealing with a certificate warning. This is to be expected because I am using a self-signed certificate, which, once again, is a bad idea. I only justify it because I'm running in a test lab. Since I am expecting this and am okay with the risk for our purposes today, I can click the Advanced button and then click the Continue to web3.contoso.local link to proceed. Interestingly, I am now presented with a credentials prompt:

Figure 2.29: Sign in to use WAC

Even though I am logged into a Windows 10 computer that is domain-joined and I am logged in with domain credentials, the WAC website does not automatically try to inject those credentials for its own use but rather pauses to ask who you are. If I simply input my domain credentials here, I am now presented with the Windows Admin Center interface, as shown in Figure 2.30:

Figure 2.30: WAC interface

Adding more servers to Windows Admin Center

Logging into WAC is great, but not very useful until you add a bunch of machines that you want to manage. To do that, simply click the + Add button that is shown onscreen. You will be presented with choices to add a new server, a new PC, a Windows Server failover cluster, Azure Stack HCI, or even an Azure VM. Make your selection and input the required information. I don't have any clusters in my test lab, not yet anyway, so I am going to add in connections to the standard servers that I have been running in the environment. If I select the option to add Windows servers, I can type out the individual server names, import a list of server names, or even select the option to Search Active Directory. I'll go ahead and try that search function to test how well this works. I have already set up a number of different servers in my lab and joined them to my domain (we'll talk more about domains in the next chapter)—but how do I make WAC search for them here? When I click Search Active Directory, I still get a field asking me to type in a server name, but there is a note about wildcards being allowed. Aha! If you simply type an asterisk (*) into the search field and click the Search button, Windows Admin Center polls your domain and presents a full list of machines that can be added to the console:

Figure 2.31: Search using *

Now simply select the checkboxes next to each server that you would like to administer via Windows Admin Center and click the Add button. You can see in Figure 2.32 that WAC now contains information about all of the servers in my environment:

Figure 2.32: Server information in WAC

Managing a server with Windows Admin Center

Beginning the management of a server from within WAC is as simple as clicking on the server name. As you can see in Figure 2.33, I have selected my DC1 server, as it is currently the only machine with some real roles installed and running:

Figure 2.33: DC1 server information

From this interface, I can manage many different aspects of my DC1 server's operating system. There are power control functions, the ability to run backups on my server, I can even view and install certificates from here! You can monitor the performance of the server, view its event logs, manipulate the local Windows Firewall, and launch a remote PowerShell connection to the server. The goal with Windows Admin Center is for it to be your one-stop shop for remotely managing your servers, and I would say it is well on its way to accomplishing that goal.

I don't yet have any Server Core instances running in my lab but rest assured that WAC can be used to manage Server Core instances just as well as servers running Desktop Experience. This makes Windows Admin Center even more potent and intriguing to server administrators. When we get to our chapter on Server Core, we'll make sure to wrap back to this idea and in some way manipulate a Server Core instance through this Windows Admin Center console.

Changes are easy as pie

Monitoring information about your servers from a single place like WAC is great and powerful, but the coolest part about WAC is that you have some serious capabilities to manipulate your servers as well, straight from this web interface. This is yet another place where you can add roles or features onto your servers, create scheduled tasks, start or stop services, or even do things like edit the registry and add Windows Firewall rules. Let's make a quick change to our DC1 server to prove this out. All of my VMs are inside a test lab that is running within Hyper-V, and so interaction with my servers to this point has been directly from Hyper-V console sessions. It is basically like I am walking up to these servers and logging into them from the console, every single time I need to interact with them. At this point, RDP has never been enabled on DC1, but I wonder if there is a way to enable that easily, right from inside our Windows Admin Center?

Scrolling down through my list of tools on the left side of WAC, I suddenly spot one called Remote Desktop. Sounds like the right place to be! Clicking on Remote Desktop spins for a second as WAC reaches out and queries information from DC1. Then I am presented with a summary that states "Remote desktop connections are not allowed to this computer" with a button that allows me to Go to settings. Inside the Remote Desktop settings screen, I have here the same options that I would see if I were to log directly into DC1 and edit the Remote Desktop settings from inside the classic advanced System properties screens. You can see in Figure 2.34 that I have now selected the option Allow remote connections to this computer—previously this had not been enabled:

Figure 2.34: Remote Desktop settings

Simply changing the setting here and clicking the Save button causes Windows Admin Center to reach out to DC1 and enable this Remote Desktop setting, after which I can immediately connect to it using RDP from my Windows 10 computer. I never needed to log into DC1 to enable remote logins to DC1!

Figure 2.35: RDP is now enabled

Azure integrations

You'll notice inside WAC that there are numerous tools related to Azure. If you have an Azure environment or are thinking about getting started with one, your on-premises Windows Admin Center can be used to administer both on-premises servers as well as Azure servers. WAC can also be used to bind your on-premises environment together with your Azure environment through things like Azure File Sync and Azure Backup. These tools can be a powerful way of creating a hybrid cloud configuration, where you maintain servers in both environments, and can also be used to help ease a transition from a traditional datacenter into a cloud-only mentality.