Windows Admin Center: Modern Server Management Platform
Introduction
Windows Admin Center provides browser-based management for Windows Server. This guide covers installation and setup, server connection management, built-in management capabilities, Azure integration with Hybrid Services, extension ecosystem, remote management features, and hybrid cloud scenarios.
Installation and Setup
Downloading Windows Admin Center
# Download Windows Admin Center
# Latest version: https://aka.ms/windowsadmincenter
# Gateway mode: Install on dedicated management server (recommended for production)
# Desktop mode: Install on Windows 10/11 workstation (for managing local lab)
# Download using PowerShell
$downloadUrl = "https://aka.ms/WACDownload"
$outputPath = "C:\Temp\WindowsAdminCenter.msi"
Invoke-WebRequest -Uri $downloadUrl -OutFile $outputPath
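The download above does not check the file before it is handed to msiexec. The following is an added example, not part of the original guide, that verifies the Authenticode signature and records the hash first; the expected publisher name is an assumption, and the function name is hypothetical.

```powershell
# Added example (not from the original page): verify the MSI before installing it.
$outputPath = "C:\Temp\WindowsAdminCenter.msi"   # path used in the download step

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: organization name expected in the signer certificate subject
        [string]$ExpectedPublisher = "Microsoft Corporation"
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature on $Path is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }
    # Match the O= field exactly so a look-alike publisher name does not pass.
    $pattern = "(^|,\s*)O=$([regex]::Escape($ExpectedPublisher))(,|$)"
    if ($sig.SignerCertificate.Subject -notmatch $pattern) {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

if (-not (Test-InstallerSignature -Path $outputPath)) {
    throw "Refusing to install ${outputPath}: signature check failed."
}

# Record the hash so the exact installer can be identified later.
$hash = (Get-FileHash -Path $outputPath -Algorithm SHA256).Hash
Write-Output "Verified installer, SHA256 = $hash"
```

The same function can gate the other installers this guide downloads before they are run.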
Installing Windows Admin Center
# Gateway mode installation (recommended)
# Install on Windows Server 2019/2022 or Windows 10/11
# Install with default settings
msiexec /i WindowsAdminCenter.msi /qn /L*v log.txt SME_PORT=443 SSL_CERTIFICATE_OPTION=generate
# Install with custom certificate
msiexec /i WindowsAdminCenter.msi /qn /L*v log.txt `
    SME_PORT=443 `
    SME_THUMBPRINT="CERTIFICATE_THUMBPRINT" `
    SSL_CERTIFICATE_OPTION=installed
# Desktop mode installation (Windows 10/11)
msiexec /i WindowsAdminCenter.msi /qn /L*v log.txt SME_PORT=6516 SME_DESKTOP=1
# Verify installation
Get-Service ServerManagementGateway
Test-NetConnection -ComputerName localhost -Port 443
# Access Windows Admin Center
# https://localhost or https://servername
Initial Configuration
# Configure trusted hosts (if not domain-joined)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "server1,server2,server3" -Force
# Or allow all (less secure: every host the client connects to is trusted without its identity being verified)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
# View trusted hosts
Get-Item WSMan:\localhost\Client\TrustedHosts
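# Enable PowerShell Remoting on managed servers
# Invoke-Command needs WinRM to be reachable on the target already (remoting is on by
# default on Windows Server 2012 and later); otherwise run these commands locally on the server
Invoke-Command -ComputerName "server1" -ScriptBlock {
    Enable-PSRemoting -Force
    # "Any" accepts WinRM from every address; use the gateway's IP address here to limit exposure
    Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -RemoteAddress Any
}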
Gateway Settings
# Access gateway settings via browser:
# https://localhost → Settings (gear icon)
# Configure:
# - Access: Manage allowed users/groups
# - Azure: Connect to Azure subscription
# - Extensions: Manage extension feeds
# - Shared Connections: Configure connection sharing
# - Update: Enable automatic updates
# View gateway version
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\ServerManagementGateway" |
    Select-Object CurrentVersion, InstalledVersion
Server Management Capabilities
Adding Server Connections
# Add servers via browser:
# Windows Admin Center → Add → Servers → Add server connection
# Or use PowerShell to configure WinRM on target servers
$servers = "server1.contoso.com", "server2.contoso.com", "server3.contoso.com"
foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        Enable-PSRemoting -Force
        Set-Service WinRM -StartupType Automatic
        Start-Service WinRM
        # Configure firewall ("Any" accepts WinRM from every address; the gateway's IP address is enough)
        Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -RemoteAddress Any
        # Enable CredSSP for multi-hop authentication
        # CredSSP delegates the user's full credentials to this server, so enable it only where a tool requires it
        Enable-WSManCredSSP -Role Server -Force
    }
}
# On Windows Admin Center gateway, enable CredSSP client
# The wildcard allows delegation to every host in contoso.com; list specific servers to narrow it
Enable-WSManCredSSP -Role Client -DelegateComputer "*.contoso.com" -Force
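Initial Configuration and Adding Server Connections both leave WinRM wider than the gateway needs: a wildcard TrustedHosts option, a firewall rule open to Any, and CredSSP left enabled. The following added example, which is not part of the original guide, shows the narrower settings and how to confirm them; the gateway address is a constructed placeholder and the function name is hypothetical.

```powershell
# Added example, not from the original page. Run from the WAC gateway.
$gatewayIp    = "10.0.0.10"                       # assumed address of the WAC gateway
$managedHosts = "server1", "server2", "server3"   # host names used on this page

# --- Gateway: trust only the named hosts, then report what is in effect ------
Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($managedHosts -join ",") -Force

function Get-WinRMClientExposure {
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    [pscustomobject]@{
        TrustedHosts         = $trusted
        HasWildcard          = $trusted -match '\*'
        CredSSPClientEnabled = (Get-Item WSMan:\localhost\Client\Auth\CredSSP).Value
    }
}
Get-WinRMClientExposure | Format-List

# --- Managed server: accept WinRM from the gateway only ----------------------
$scopeWinRM = {
    param($AllowedAddress)
    Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -RemoteAddress $AllowedAddress
    # Return the scope actually applied so the caller can confirm it.
    Get-NetFirewallRule -Name "WINRM-HTTP-In-TCP" |
        Get-NetFirewallAddressFilter |
        Select-Object @{N='Computer';E={$env:COMPUTERNAME}}, RemoteAddress
}
foreach ($server in $managedHosts) {
    Invoke-Command -ComputerName $server -ScriptBlock $scopeWinRM -ArgumentList $gatewayIp
}

# --- CredSSP: switch it off again when the task that needed it is done -------
Invoke-Command -ComputerName $managedHosts -ScriptBlock { Disable-WSManCredSSP -Role Server }
Disable-WSManCredSSP -Role Client
```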
Server Inventory Dashboard
# Available management tools in Windows Admin Center:
# System Management:
# - Overview: CPU, memory, disk, network real-time stats
# - Certificates: View and manage SSL certificates
# - Devices: Hardware device inventory
# - Events: Event Viewer integration
# - Files: File explorer with upload/download
# - Firewall: Windows Firewall rule management
# - Local users and groups: User account management
# - Network: Network adapter configuration
# - PowerShell: Integrated PowerShell console
# - Processes: Task Manager functionality
# - Registry: Remote registry editor
# - Roles & features: Install/remove Windows features
# - Scheduled tasks: Task scheduler management
# - Services: Service control and configuration
# - Storage: Disk and volume management
# - Updates: Windows Update management
# - Virtual machines: Hyper-V VM management
# - Virtual switches: Hyper-V network configuration
# Each tool accessible via server connection → Tool name
Remote PowerShell Console
# Access PowerShell console in Windows Admin Center:
# Server connection → PowerShell
# Example remote commands executed via WAC PowerShell:
# View system info
Get-ComputerInfo | Select-Object WindowsVersion, OsArchitecture, CsProcessors
# Check disk space
Get-Volume | Where-Object { $_.DriveLetter } |
    Select-Object DriveLetter, FileSystemLabel,
        @{N='Size(GB)';E={[math]::Round($_.Size/1GB,2)}},
        @{N='Free(GB)';E={[math]::Round($_.SizeRemaining/1GB,2)}}
# List installed roles
Get-WindowsFeature | Where-Object { $_.InstallState -eq 'Installed' } |
    Select-Object Name, DisplayName
# View running services
Get-Service | Where-Object { $_.Status -eq 'Running' } |
    Select-Object Name, DisplayName, StartType |
    Sort-Object DisplayName
Bulk Server Operations
# Perform operations across multiple servers
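# Update multiple servers
# Install-WindowsUpdate comes from the PSWindowsUpdate module, which must be installed on each target
$servers = "server1", "server2", "server3"
foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        Install-WindowsUpdate -AcceptAll -AutoReboot
    }
}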
# Deploy configuration to multiple servers
# A script block is passed directly, so no string has to go through Invoke-Expression
$configScript = {
    # Install common features
    Install-WindowsFeature -Name RSAT-AD-PowerShell, RSAT-DNS-Server, RSAT-DHCP
    # Configure time sync
    w32tm /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /update
    Restart-Service w32time
    # Set power plan
    powercfg /setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c # High performance
}
Invoke-Command -ComputerName $servers -ScriptBlock $configScript
Azure Integration
Azure Hybrid Services Registration
# Register Windows Admin Center with Azure
# In WAC: Settings → Azure → Register
# Or use PowerShell
Install-Module -Name Az -AllowClobber -Force
Connect-AzAccount
# Register gateway
$resourceGroup = "RG-Management"
$location = "East US"
$gatewayName = "WAC-Gateway"
# Create resource group if needed
New-AzResourceGroup -Name $resourceGroup -Location $location
# Register Windows Admin Center
# This creates Azure AD app registration for authentication
Azure Monitor Integration
# Enable Azure Monitor for servers
# Install Log Analytics agent on managed servers
# Note: Microsoft retired the Log Analytics (MMA) agent on 31 August 2024 in favour of the Azure Monitor Agent
# The workspace key is a shared secret: read it from a vault or a prompt rather than storing it in the script
$workspaceId = "YOUR_WORKSPACE_ID"
$workspaceKey = "YOUR_WORKSPACE_KEY"
$servers = "server1", "server2", "server3"
foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        param($wsId, $wsKey)
        # Download agent
        $agentUrl = "https://go.microsoft.com/fwlink/?LinkId=828603"
        $agentPath = "$env:TEMP\MMASetup-AMD64.exe"
        Invoke-WebRequest -Uri $agentUrl -OutFile $agentPath
        # Install agent (the key is passed on the setup command line, where process auditing can record it)
        Start-Process -FilePath $agentPath -ArgumentList "/C:setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=$wsId OPINSIGHTS_WORKSPACE_KEY=$wsKey AcceptEndUserLicenseAgreement=1" -Wait
    } -ArgumentList $workspaceId, $workspaceKey
}
# Configure data collection in Azure Monitor
# Collect performance counters, Windows events, Syslog, IIS logs
Azure Backup Configuration
# Configure Azure Backup from Windows Admin Center
# Server connection → Azure Backup
# Or use PowerShell
$vaultName = "RSV-Backup"
$resourceGroup = "RG-Backup"
$location = "East US"
# Create Recovery Services vault
New-AzRecoveryServicesVault -Name $vaultName -ResourceGroupName $resourceGroup -Location $location
# Get vault
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $resourceGroup -Name $vaultName
Set-AzRecoveryServicesVaultContext -Vault $vault
# Download agent on server (MARS agent)
# Windows Admin Center → Server → Azure Backup → Configure backup
# Follow wizard to register server and create backup policy
Azure File Sync
# Deploy Azure File Sync from Windows Admin Center
# Server connection → Azure File Sync
# Or use PowerShell
$storageSyncServiceName = "StorageSync01"
$resourceGroup = "RG-Storage"
# Create Storage Sync Service
New-AzStorageSyncService -ResourceGroupName $resourceGroup `
    -Name $storageSyncServiceName `
    -Location "East US"
# Install Azure File Sync agent on server
# Download from: https://go.microsoft.com/fwlink/?linkid=858257
Invoke-Command -ComputerName "fileserver01" -ScriptBlock {
    # Install agent
    Start-Process -FilePath "C:\Temp\StorageSyncAgent.msi" -ArgumentList "/qn" -Wait
    # Import module
    Import-Module "C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll"
}
# Register server (run this on the file server itself: the cmdlet registers the machine it runs on)
Register-AzStorageSyncServer -ResourceGroupName $resourceGroup `
    -StorageSyncServiceName $storageSyncServiceName
Azure Update Management
# Enable Azure Update Management
# Windows Admin Center → Settings → Azure → Update Management
# Configure update schedules in Azure portal
# Automation Account → Update Management → Schedule update deployment
# View update compliance
Get-AzAutomationSoftwareUpdateConfiguration `
    -ResourceGroupName "RG-Automation" `
    -AutomationAccountName "Automation01"
# View update deployments
Get-AzAutomationSoftwareUpdateRun `
    -ResourceGroupName "RG-Automation" `
    -AutomationAccountName "Automation01"
Extension Ecosystem
Installing Extensions
# Install extensions via Windows Admin Center UI:
# Settings → Extensions → Available extensions
# Popular extensions:
# - Active Directory: Domain controller management
# - DHCP: DHCP server management
# - DNS: DNS server management
# - Storage Replica: Storage Replica management
# - System Insights: Predictive analytics
# - Security (Azure): Security Center integration
# View installed extensions
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\ServerManagementGateway\Extensions\*" |
    Select-Object PSChildName, Version
Developing Custom Extensions
# Windows Admin Center SDK for custom extensions
# https://aka.ms/wacsdk
# Install Node.js and npm
# Install Windows Admin Center CLI
npm install -g windows-admin-center-cli
# Create new extension
wac create --company Contoso --tool CustomTool
# Build extension
cd CustomTool
npm install
npm run build
# Package extension
npm run package
# Upload to Windows Admin Center
# Settings → Extensions → Sideload extension → Upload .nupkg file
Remote Management Capabilities
Browser-Based Access
# Windows Admin Center accessible from any device with web browser:
# - Windows (Chrome, Edge, Firefox)
# - macOS (Chrome, Safari, Firefox)
# - Linux (Chrome, Firefox)
# - iOS/Android (mobile browsers with limited functionality)
# Configure external access via reverse proxy or Azure AD Application Proxy
# Example: Configure IIS reverse proxy
Install-WindowsFeature Web-Server, Web-WebSockets, Web-Asp-Net45 -IncludeManagementTools
# Install URL Rewrite and Application Request Routing modules
# Configure reverse proxy rules in IIS for external access
Certificate Management
# Use trusted SSL certificate for production
# Create a self-signed certificate (lab use only; this step does not produce a CSR)
$cert = New-SelfSignedCertificate -DnsName "wac.contoso.com" `
    -CertStoreLocation "cert:\LocalMachine\My" `
    -KeyLength 2048 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2)
# Generate a CSR to submit to the CA
# certreq reads the request settings from the INF file, which must already exist at this path
$csrPath = "C:\Certs\wac-csr.txt"
certreq -new -f -q "$env:TEMP\wac-request.inf" $csrPath
# After receiving certificate from CA, import and bind to Windows Admin Center
$pfxPath = "C:\Certs\wac.contoso.com.pfx"
# Prompt for the PFX password instead of storing it in the script
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -Password $pfxPassword
# Update Windows Admin Center to use new certificate
# Settings → Gateway → Use this certificate → Select certificate
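The certreq call in this section reads a request file that the guide never creates. The following added example, not part of the original guide, writes that INF and generates the CSR; the paths and DNS name are the ones used above, while the INF settings (non-exportable machine key, SHA256, server authentication EKU, SAN entry) are assumptions to adjust to the issuing CA's policy.

```powershell
# Added example (not from the original page): build the INF that certreq -new expects.
$infPath = "$env:TEMP\wac-request.inf"
$csrPath = "C:\Certs\wac-csr.txt"
$dnsName = "wac.contoso.com"

# Single-quoted here-string so "$Windows NT$" is written literally.
$infTemplate = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=__DNSNAME__"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=__DNSNAME__&"
'@
$infTemplate.Replace("__DNSNAME__", $dnsName) | Set-Content -Path $infPath -Encoding ASCII

# Make sure the output folder exists, then create the key pair and the CSR.
New-Item -ItemType Directory -Path (Split-Path $csrPath) -Force | Out-Null
certreq -new -f -q $infPath $csrPath
if ($LASTEXITCODE -ne 0) {
    throw "certreq -new failed with exit code $LASTEXITCODE"
}
Write-Output "CSR written to $csrPath; the private key stays in the local machine store."
```

With the key generated this way, the certificate returned by the CA is installed on the same machine with `certreq -accept`, so no PFX file or password has to be moved between hosts.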
Multi-Server Sessions
# Windows Admin Center supports multiple concurrent server connections
# Open multiple browser tabs for different servers
# Each tab maintains independent session
# Or use Server Manager extension for consolidated view of multiple servers
Hybrid Cloud Scenarios
Azure Arc-Enabled Servers
# Onboard on-premises servers to Azure Arc
# Install Azure Arc agent
$tenant = "YOUR_TENANT_ID"
$subscription = "YOUR_SUBSCRIPTION_ID"
$resourceGroup = "RG-HybridServers"
$location = "eastus"
$servers = "server1", "server2", "server3"
foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        param($tid, $sid, $rg, $loc)
        # Download Arc agent
        Invoke-WebRequest -Uri "https://aka.ms/AzureConnectedMachineAgent" -OutFile "$env:TEMP\AzureConnectedMachineAgent.msi"
        # Install agent and wait for the installer to finish before calling azcmagent
        Start-Process -FilePath msiexec.exe -ArgumentList "/i `"$env:TEMP\AzureConnectedMachineAgent.msi`" /qn" -Wait
        # Connect to Azure
        # Without --service-principal-id and --service-principal-secret the agent asks for an interactive sign-in
        & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect `
            --tenant-id $tid `
            --subscription-id $sid `
            --resource-group $rg `
            --location $loc `
            --cloud "AzureCloud"
    } -ArgumentList $tenant, $subscription, $resourceGroup, $location
}
# Manage Arc-enabled servers from Windows Admin Center
# Azure Arc extension provides unified management
Unified Monitoring Across Environments
# Use Azure Monitor to monitor both Azure and on-premises servers
# Query logs across all servers
$workspaceId = "YOUR_WORKSPACE_ID"
# Example query using Azure Monitor Logs
$query = @"
Perf
| where TimeGenerated > ago(1h)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize AvgCPU = avg(CounterValue) by Computer
| order by AvgCPU desc
"@
# Execute query
Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query
Disaster Recovery with Azure Site Recovery
# Configure Azure Site Recovery for on-premises VMs
# From Windows Admin Center: Server → Azure Site Recovery
# Or use PowerShell
$vaultName = "RSV-DR"
$resourceGroup = "RG-DR"
# Create Recovery Services vault
New-AzRecoveryServicesVault -Name $vaultName -ResourceGroupName $resourceGroup -Location "West US"
# Configure replication for Hyper-V VMs to Azure
# Requires Hyper-V hosts registered with vault
Key Takeaways
- Windows Admin Center provides browser-based server management
- Gateway mode recommended for production environments
- Built-in tools cover all common administration tasks
- Azure integration enables hybrid cloud scenarios
- Extension ecosystem extends functionality
- Remote management works from any device with browser
- Azure Arc brings Azure services to on-premises servers
- Unified monitoring across hybrid environments
Next Steps
- Install Windows Admin Center in gateway mode
- Connect servers to management gateway
- Configure Azure integration for hybrid services
- Enable Azure Monitor for unified monitoring
- Install useful extensions for additional capabilities
- Configure SSL certificate for secure access
- Onboard servers to Azure Arc for unified management