How to deploy Windows Admin Center on Windows Server 2016 Core with Powershell

Windows Admin Center  is a powerful tool that was Generally available after Easter this year and was presented last year under the code-name Project Honolulu.

Windows Admin Center is a lightweight, browser-based GUI platform and toolbox for IT Admins to manage Windows Server and Windows 10. It’s the evolution of a familiar in-box administrative tools, such as Server Manager and Microsoft Management Console (MMC) into a modernized, simplified, integrated, and secure experience.

Windows Admin Center is a natural evolution from the traditional in-box server management tool when you need to connect via RDP to a server or use MMC, RSAT(Remote Server Administration tools) / Server Manager to a Modern web app. The benefit of deploying WAC on your environment is that will help you manage windows machines (server/computers) on premise or Azure cloud VMs.

The beauty of WAC (Windows Admin Center)  it that it’s installation is straightforward and the requirements are minimal. So once tried the neat  user-experience (UX) offered by this modern web app you will think immediately how can I deploy application on my environment?

If in most small environment installing it on a Windows 10 workstation is perfectly fine, in my case I’ve chosen to install it on a Windows Server 2016 server (core).

As you probably know the Windows Server 2016 default installation is core (without any desktop experience) offer a lot of benefit and in this scenario for a web app there like WAC there is no need for a desktop experience and will also reduce the amount of resources required by the OS, smaller attack surface and consequently a smaller number of patches to apply.

The WAC in my case is not internet facing, in that scenario I recommend to put it behind a reverse proxy.  So once deployed Windows Server 2016 core, my deployment is configure with SCONFIG, set the hostname and IP, joining the machine to the domain, enabling the remote management.

If you want to check the windows firewall rules with powershell just use this cmd-let:

And in case you want to disable all the firewall profiles (which I don’t recommend but you can use WAC to change it later anyway) just run this:

The first step is downloading the WAC installer from http://aka.ms/WACDownload.

To get the latest installer from the Microsoft website we can use Invoke-WebRequest:

To install it and using port 443 and a self-signed certificate

than you can immediately browse the address using your FQDN (https://yourwacserver.yourdomain.local).  Pay attention that modern browser will complain loudly about self-signed certificate, so if you want to use a certificate follow these instructions.

Now let’s generate our server lists and that we will load on WAC:

That we will add to WAC: 

As usual you can find these scripts on my github repository.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.