Windows Admin Center is a powerful tool that became generally available after Easter this year and was presented last year under the code name Project Honolulu.
Windows Admin Center is a lightweight, browser-based GUI platform and toolbox for IT admins to manage Windows Server and Windows 10. It's the evolution of familiar in-box administrative tools, such as Server Manager and Microsoft Management Console (MMC), into a modernized, simplified, integrated, and secure experience.
Windows Admin Center is a natural evolution from traditional in-box server management, where you need to connect via RDP to a server or use MMC, RSAT (Remote Server Administration Tools) or Server Manager, to a modern web app. The benefit of deploying WAC in your environment is that it will help you manage Windows machines (servers/computers) on-premises or Azure cloud VMs.
The beauty of WAC (Windows Admin Center) is that its installation is straightforward and the requirements are minimal. Once you have tried the neat user experience (UX) offered by this modern web app, you will immediately think: how can I deploy this application in my environment?
While in most small environments installing it on a Windows 10 workstation is perfectly fine, in my case I've chosen to install it on a Windows Server 2016 server (Core).
As you probably know, the Windows Server 2016 default installation is Core (without any desktop experience), which offers a lot of benefits. For a web app like WAC there is no need for a desktop experience, and Core also reduces the amount of resources required by the OS and gives a smaller attack surface and consequently a smaller number of patches to apply.
WAC in my case is not internet facing; in that scenario I recommend putting it behind a reverse proxy. Once Windows Server 2016 Core is deployed, my deployment is configured with SCONFIG: setting the hostname and IP, joining the machine to the domain, and enabling remote management.
If you want to check the status of the Windows Firewall profiles with PowerShell, just use this cmdlet:
```powershell
Get-NetFirewallProfile | Select-Object Name, Enabled
```
And in case you want to disable all the firewall profiles (which I don't recommend, but you can use WAC to change it later anyway), just run this:
```powershell
#requires -RunAsAdministrator
#
# This script will disable the Windows Firewall for all profiles: PUBLIC, DOMAIN, PRIVATE
#
Set-NetFirewallProfile -Profile Public,Domain,Private -Enabled False
```
The first step is downloading the WAC installer from http://aka.ms/WACDownload.
To get the latest installer from the Microsoft website we can use Invoke-WebRequest:
```powershell
$WAC_Online = "http://aka.ms/WACDownload"
$WAC_Installer = "C:\windows\Temp\wac.msi"
$WAC_Log = "C:\windows\Temp\wac-installer.log"
Invoke-WebRequest -Uri $WAC_Online -OutFile $WAC_Installer
```
To install it using port 443 and a self-signed certificate:
```powershell
msiexec /i $WAC_Installer /qn SME_PORT=443 SSL_CERTIFICATE_OPTION=generate
```
Then you can immediately browse to the address using your FQDN (https://yourwacserver.yourdomain.local). Note that modern browsers will complain loudly about the self-signed certificate, so if you want to use a certificate, follow these instructions.
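Because the MSI is fetched from the network and then installed silently with administrative rights, it is worth checking its Authenticode signature between the download and the `msiexec` call. The following is an added example, not part of the original scripts: the helper name `Test-InstallerSignature` is hypothetical and the expected signer name `Microsoft Corporation` is an assumption, while the paths and MSI properties are the ones used above.

```powershell
#requires -RunAsAdministrator
# Added example (not from the original scripts): check the MSI signature, then install.
$WAC_Installer  = "C:\windows\Temp\wac.msi"            # path used on this page
$WAC_Log        = "C:\windows\Temp\wac-installer.log"  # path used on this page
$ExpectedSigner = "Microsoft Corporation"              # assumption: expected publisher CN

function Test-InstallerSignature {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Signer
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }
    # Status is 'Valid' only when the signature verifies and the certificate chain is trusted
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    # Compare the signer's common name exactly, not a substring of the full subject
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($cn -ne $Signer) {
        throw "Unexpected signer '$cn' (expected '$Signer')"
    }
    [pscustomobject]@{
        Signer     = $cn
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Stop before msiexec runs if the check fails
$ErrorActionPreference = 'Stop'
Test-InstallerSignature -Path $WAC_Installer -Signer $ExpectedSigner | Format-List

# Same MSI properties as above, plus verbose logging to $WAC_Log
$msiArgs = "/i `"$WAC_Installer`" /qn /L*v `"$WAC_Log`" SME_PORT=443 SSL_CERTIFICATE_OPTION=generate"
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
    throw "msiexec failed with exit code $($proc.ExitCode); see $WAC_Log"
}
```

Recording the printed thumbprint and SHA256 alongside the install log gives you something to compare against when the same installer is rolled out to another host.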
Now let's generate the server lists that we will load into WAC:
```powershell
# Create a separate server list for each env/project
$Envs = "prod", "test", "dev"
$folder = "c:\windows\temp\"
foreach ($EnvType in $Envs) {
    Get-ADComputer -Filter * |
        Where-Object { $_.Name -match $EnvType } |
        Select-Object -ExpandProperty DNSHostName |
        Set-Content "$folder$EnvType-servers.txt"
}
```
As usual, you can find these scripts on my GitHub repository.