With the new Windows Admin Center, Microsoft enables central, web-based administration of Windows servers. Administrators can easily manage the Windows network from any end device using a browser. In this article, ZDNet shows the possibilities of the solution as well as its installation and operation.
Microsoft offers the new Windows Admin Center (Project Honolulu), an administration tool for Windows networks and Active Directory. Administrators can use web browsers to manage the various servers in the network via a Windows Admin Center proxy (gateway endpoint). The Windows Admin Center enables administrators to manage the servers in the network from any endpoint. While the tool still lacks some management tools, such as Active Directory user management, it still offers administrators many options for effectively managing Windows servers and clusters, as well as PCs running Windows 10.
The Windows Admin Center offers the same functions as the conventional Server Manager and much more. The advantage of the new management solution, however, is that no software needs to be installed on the client computers to manage Windows servers. No installation is required on the individual servers either. After logging on to the Windows Admin Center, administrators can in turn connect various servers to the solution and thus manage them centrally. The connection is made via a gateway.
Microsoft will continue to provide the conventional Server Manager as well as the remote server management tools for Windows 10. Here, too, servers can be managed via the network, parallel to the Windows Admin Center. However, these tools have the disadvantage that they are limited in function or require installations on the client computers. With the Windows Admin Center, administrators can also access servers in Active Directory without the administrator's PC being a member of the respective forest.
The Windows Admin Center currently works primarily on Google Chrome and Microsoft Edge. Other browsers do not yet sufficiently support the functions in the administration solution. The Admin Center cannot be used in Internet Explorer. This means that on a server, the Admin Center can only be opened directly if Chrome or Edge are installed. Of course, this is not necessary for the gateway endpoint. The browser is only required on the accessing client.
[Translate to Englisch:]
After the Windows Admin Center endpoint is installed on a server in the network, administrators can connect to the Windows Admin Center via a web browser. The installation process is basically just confirming a few windows. To manage servers with the Windows Admin Center, it is not necessary to install an extension on each server. It is enough to run a gateway endpoint on the network.
Once connected, the various servers in the network can be connected to the web-based Server Manager. Core servers can be managed centrally here, as can servers with a graphical interface. In addition, the Admin Center also supports the new versions Windows Server 2019 and Windows Server 1709/1803, so all the different server versions from Microsoft can be managed centrally.
Once an administrator has connected to the Windows Admin Center, he can save a list of servers that he wants to manage with the Windows Admin Center. He can then use the Web browser to install and manage server roles, establish PowerShell sessions and remote desktop sessions, and more.
Administrators' web browser connects through the gateway. This in turn connects to the particular server to be managed using WinRM and remote PowerShell or WMI. For the remote connections between the servers to work, the remote administrations must be enabled on the servers involved.
[Translate to Englisch:]
The Windows Admin Center can also be used to manage Hyper-V hosts and clusters. Hyper-Converged clusters can also be managed with the Windows Admin Center. The functions for this are automatically integrated during installation. Administrators simply have to switch whether they want to use the web-based Server Manager, cluster management or the management of hyper-converged environments in the Windows Admin Center.
With Windows Server 2016, Microsoft also added a teaming feature of physical network adapters for Hyper-V environments. This is called Switch Embedded Teaming (SET). Previously, these special, virtual switches could only be created and managed with PowerShell. This changes with the Windows Admin Center, since a graphical interface for SET is available here.
To install the Windows Admin Center, the corresponding MSI file from Microsoft is required first. This is used to install the Windows Admin Center proxy (gateway endpoint) on a workstation or server in the network. The installation can be done on servers running Windows Server 2016, but also on the current versions Windows Server 1709/1803. Windows Admin Center can also be installed on core servers. The installation is done either with the MSI file in the graphical interface, or in the command line with:
msiexec /i <HonoluluInstallerName>.msi /qn /L*v log.txt SME_PORT=<port> SSL_CERTIFICATE_OPTION=generate
msiexec /i honolulu.msi /qn /L*v log.txt SME_PORT=6516 SSL_CERTIFICATE_OPTION=generate
During installation, you can still select to allow Windows Admin Center to edit the trusted hosts that are allowed to access the host. This is necessary for administrator access and connection to other computers.
As part of the installation, the port that administrators use to access the server with their web browsers is selected. By default, SSL port 443 is used. If this is already in use, another port can be used. The certificate for access can also be selected at this point. If no certificate is available, Windows Admin Center can also use a self-signed certificate. The installation of Windows Admin Center is then completed. More configurations are not necessary at this point.
[Translate to Englisch:]
Setting up and using Windows Admin Center
Once the gateway endpoint for Windows Admin Center is installed, the Windows Admin Center can be accessed over the network using the URL "https://<gatewayendpoint>:Port". If a login window appears, an administrator's user name must be entered. The Windows Admin Center uses the Active Directory for authentication.
At the first start a wizard appears, which informs about the possibilities of the Windows Admin Center. With "Next" it is possible to switch to the next page of the window. If the setup is completed after a few seconds, the browser displays the start window of the Windows Admin Center. The server on which the gateway endpoint is installed is added automatically. Additional servers can be added by administrators at any time.
By clicking on the server that is already connected in the Windows Admin Center, the main page of the Admin Center opens. Here, on the left side, all areas that can be configured for the individual servers can be seen first.
By clicking on the server that is already connected in the Windows Admin Center, the main page of the Admin Center opens. Here, on the left side, you can first see all the areas that can be configured for the individual servers.
In the upper area, it is possible to switch between the web-based Server Manager, the Failover Cluster Manager, the Hyper-Converged Cluster Manager and the computer management of PCs. In the middle of the window, further commands and information about the respective server or PC are displayed. Here you can see various commands in the upper area and information and options about the server in the lower area.
The "Settings" menu item can be used to make local settings for servers. For example, the remote desktop of servers can be configured here. The environment variables and the role-based access control for the server can also be made here.
With role-based access control, Active Directory users and groups can be used to control who should use the Windows Admin Center. In general, the Windows Admin Center distinguishes between three types of users:
Windows Admin Center Administrators - Receive broad privileges.
Windows Admin Center Hyper-V Administrators - Are allowed to manage virtual computers and switches. The other tools can be used for reading, but do not allow any changes to be made
Windows Admin Center Readers - May view settings, but may not change settings.
Once the feature is enabled, it is possible to work with the appropriate permissions. The best way to do this is to use the groups in Active Directory.
Connect server for administration
By default, initially only the server on which the gateway endpoint is installed can be managed with the Windows Admin Center. Of course, additional servers can be connected to the administration solution at any time.
To connect servers running Windows Server 2012/2012 R2/2016 or Windows Server 1709/1803 and Windows Server 2019, a new server connection is first added via "Add" in the main Windows Admin Center window. Then it is selected whether a traditional server ("Add Server Connection"), a PC ("Add Windows PC Connection" a cluster ("Add Failover Cluster Connection") or a hyper-converged cluster ("Add Hyper Converged Cluster Connection") is to be integrated into Windows Admin Center.
In the window, either the FQDN of a server can be entered, or administrators import a list of servers from a text file. Both can be done quickly and easily. Tags (markers) are also possible for servers. For example, all Hyper-V hosts can be tagged with the tag "Hyper-V host". If an import of servers is performed, the easiest way is to create a text file in which all servers are listed comma separated or in separate lines.
Then the name of the server to be connected is specified as well as the login data. Windows Admin Center thus allows connecting different servers with different permissions. After successful connection, the servers are displayed in the window. By clicking on a server, a connection is established. The time of the last connection is displayed in the Windows Admin Center. The Windows Admin Center also has a notification area. By clicking on the icon with the bell in the upper right corner, the Admin Center displays the actions performed and info about the actions.
If a server is clicked, a connection can be established. In addition, an alternative user account can be selected via "Manage as", to which the server is connected. Tag editing is also possible from the Windows Admin Center home page. Once the server is connected, it can be managed using the commands in the left margin. Here, server roles can be installed, the Windows firewall can be adjusted, the registry can be opened and much more. On the overview page, the server can be restarted or shut down. Changing the server name, including domain membership can also be done via "Edit Computer ID".
By clicking on a menu item, for example "Roles and Functions" or "Firewall", further commands and information appear on the right side. This way, numerous settings can be made on servers via the network, up to the installation of server roles and the management of Windows updates. For Hyper-V hosts, the virtual switches can also be configured via the Server Manager. Warnings and errors are also displayed here and can be corrected.
To install roles with the Windows Admin Center, the menu item "Roles and Functions" is clicked. Then the window in the center shows all available server roles. Here you can also see under "Status" which roles are already installed. By clicking on a server role, it can be installed or uninstalled via the window. Individual role services can also be installed or uninstalled at this point.
Extend Windows Admin Center and connect to Microsoft Azure
The two icons at the top right edge can be used to call up the Windows Admin Center notification center with current warnings, as well as to manage extensions. The connection to Microsoft Azure can also be configured here. Extensions are used to supplement the functions of the Server Manager. Installed extensions can be displayed, managed and removed here.
In addition to managing server roles and settings for the server, the Windows Admin Center can also be used to access the server's file system. Here, file actions are possible on the respective server and files can also be uploaded and downloaded from the PC that is connected to the Windows Admin Center. Information about files can also be displayed. Folders can be created, data deleted and renamed. The web-based file explorer can be found via the menu item "Files".
The "Registry" menu item can in turn be used to open the web-based registry editor on the server. In addition to reading entries in the registry, entries can also be exported and imported. It is also possible to edit keys and create values.
In addition, "PowerShell" can be used to open a PowerShell session in the web browser that executes commands on the remote server. With "Remote Desktop", a remote desktop connection to the respective server can be established in the web browser.
The two menu items "Services" and "Processes" can also be used to manage system services and monitor processes. As soon as the corresponding menu item is selected, further commands are again available in the upper area of the window to manage services and processes. Here, for example, system services can be started, stopped and their settings adjusted. Filters can be created for processes. Administrators can also terminate processes or create a dump of the process.