Download Windows Admin Center: A Comprehensive Guide

Published:29 December 2020 - 10 min. read

Christopher Bisset Image

Christopher Bisset

Read more tutorials by Christopher Bisset!

Today’s sponsor is n8n, the AI-native workflow automation tool built for ITOps and DevSecOps. With 100+ templates to get you started quickly and a powerful visual editor, you can automate complex workflows without giving up control. Check it out here.

 

 

 

 

 

If you want to learn how to download Windows Admin Center, set it up including tweaking the Windows Admin Center port, you’ve come to the right place.

Not a reader? Watch this related video tutorial!
Not seeing the video? Make sure your ad blocker is disabled.

In this tutorial, you’re going to learn how to set up Windows Admin Center from scratch from download all the way to installing new extensions!

Prerequisites

To fully examine the capabilities of Windows Admin Center, you need to have more than just a desktop in place. To follow along, you will need the following:

  • A test Windows domain with a domain controller. This guide is a good place to start if you do not have one in place.
  • A fresh install of Windows Server 2016 or Windows Server 2019 (This article will be using Windows Server Core 2019). You can find the installation media on Microsoft’s Website.

Windows Admin Center works on Windows 10, but will not allow remote access. It will launch like an application instead of service and can only be used from the computer it launches from. Windows Server allows for Windows Admin Center to be used from any computer with a web browser.

Downloading Windows Admin Center (with Installation)

Windows Admin Center is freely available as an MSI on Microsoft’s Website. Windows Admin Center has no licensing costs and is available to install on Windows 10 (1709 or later), or Window Server 2016 and up.

Downloading and installing Windows Admin Center is typically a seamless process. You can find it via the Windows Server Evaluation Portal, or just using a direct download link.

To save you some time downloading Windows Admin Center below is a PowerShell snippet that will both download and install on your Windows Server.

Note the SME_PORT=6516 option below. By default, the Windows Admin Center port is 6516. If you’d like to change the port upon installation, you can do that here. The SSL_CERTIFICATE_OPTION option is creating a self-signed certificate for Windows Admin Center to use.

## Download the msi file
Invoke-WebRequest 'https://aka.ms/WACDownload' -OutFile "$pwd\WAC.msi"

## install windows admin center
$msiArgs = @("/i", "$pwd\WAC.msi", "/qn", "/L*v", "log.txt", "SME_PORT=6516", "SSL_CERTIFICATE_OPTION=generate")
Start-Process msiexec.exe -Wait -ArgumentList $msiArgs

Adding Firewall Rules

The MSI installer will automatically allow remote access to the Windows Admin Center port, however, that only applies to your network’s current state. but if your network profile changes (for example, from private to domain), that access will become invalid.

A network profile is a set of firewall rules that can change depending on the state of your server. You can think of it is as a security group for firewall settings. Typically there are four profiles: Public, Private, Work, and Domain.

If your server is currently in a workgroup (for this tutorial we’ll assume so), ensure you create inbound Windows firewall exceptions for the Windows Admin Center port of 6516 (or whatever port you set of the SME_PORT option above.

When the Winodws server is added to a domain, the network profile will change to Domain and, if not defined for the Domain network profile, you might not be able to access Windows Admin Center.

Below you will find a few PowerShell commands to run to open up the Windows Admin Center port.

> New-NetFirewallRule -DisplayName "Allow Windows Admin Center" -Direction Outbound -profile Domain -LocalPort 6516 -Protocol TCP -Action Allow

> New-NetFirewallRule -DisplayName "Allow Windows Admin Center" -Direction Inbound -profile Domain -LocalPort 6516 -Protocol TCP -Action Allow

Logging into Windows Admin Center

Now that you have initially installed Windows Admin Center, you can now start managing your server using a web browser, like Chrome or the new Microsoft Edge.

To access Windows Admin Center:

  1. Open up a web browser on any computer on the same LAN as the Windows server and go to https://<server ip>:6516. This guide is using https://10.20.100.4:6516.

If you do not know the IP of your server, you can retrieve it by running ipconfig in the PowerShell console on the server.

Related: The ipconfig Commands You Need to Know

2. You will likely be greeted with a big warning saying Your Connection is not private. Select “show advanced” and then “Proceed to <IP> (unsafe). Click on Proceed to <server IP> (unsafe).

You are seeing this warning because Windows Admin Center is using a self-signed certificate and your local browser does not trust it.

The Chrome SSL warning for a bad SSL certificate
The Chrome SSL warning for a bad SSL certificate

3. Provide the local administrator username and password at the Sign in prompt.

This tutorial is using the local administrator account for convenience. But you can get much more advanced in this area by checking out the User Access Options documentation.

Using the built in local administrator account to log in
Using the built in local administrator account to log in

Joining a Domain with Windows Admin Center

Windows Admin Center has a slew of features and ways to manage Windows Server. To provide a demonstration of what Windows Admin Center can do, let’s briefly cover how to add the Windows Server to a domain.

Whenever you first log in, you will be greeted by a list of computers, of which, there’s actually only a single computer: the one you installed Windows Admin Center on. You can see an example of what this screen looks like below.

  1. To select a server to work with, click on the (probably only) Windows server in the list.
The Server Chooser in Windows Admin Center
The Server Chooser in Windows Admin Center

2. Once selected, Windows Admin Center will present you with a dashboard of your Windows Admin Center server (as seen below). You will also notice that the computer name (1) is randomly generated (if you used the Windows installer), and the Domain (2) doesn’t exist.

The main Dashboard of Windows Admin Center
The main Dashboard of Windows Admin Center

3. Select Edit Computer ID on the dashboard. The Computer ID is how Windows Admin Center defines common properties like hostname and domain membership.

Editing the computer properties
Editing the computer properties

4. Enter your desired computer name and domain. This tutorial is using a domain called ad.gurucomputing.com.au and Test-Server-2019 as the computer name.

Changing the Computer Name and Domain at the same time
Changing the Computer Name and Domain at the same time

5. Supply the Domain User and Password with rights to join the domain (this article us using ad.gurucomputing.com.au/christopher.bisset), enable the Restart immediately checkbox, and click on Save. You will then be prompted to reboot and choose to do so.

Including the credentials of someone authorized to join computers to the domain
Including the credentials of someone authorized to join computers to the domain

6. Upon reboot, log back into Windows Admin Center (https://10.20.100.4:6516 in the example) with your domain admin credentials (not the local administrator user account) and click on the test Winodws server again.

You should now see a view of the updated dashboard. You will now notice in the below screenshot that the computer name is updated as well as the domain.

The computer name and domain are now updated to reflect the changes.
The computer name and domain are now updated to reflect the changes.

Note that the Name in the Top Left has been cut off, as older systems expect a max of 15 characters.

Exploring the Sidebar Categories

Now that you have successfully joined the domain, you can start exploring the options that Windows Admin Center provides. You will immediately notice that most of the sidebar categories (the left side menu in the screenshot below) look suspiciously like control panel categories, and in fact, most of them are.

Windows Admin Center is designed to be a web replacement for server management. Most of the categories (such as Firewall, Installed apps, etc.) are a direct replacement for the control panel.

For example, when viewing a Windows server, select the Firewall category. You’ll see that firewall exception you made using PowerShell earlier.

The firewall rules placed earlier by PowerShell
The firewall rules placed earlier by PowerShell

There are also several categories designed for remote management of the server. Files & File Sharing allows you to directly upload, download, or modify files on your server as shown in the following screenshot.

An overview of the file browser in Windows Admin Center
An overview of the file browser in Windows Admin Center

The PowerShell and Remote Desktop categories, in particular, are extremely interesting. PowerShell allows you to open a remote terminal directly on the machine as if you were using remote PowerShell natively!

The PowerShell console within the browser
The PowerShell console within the browser

This remote PowerShell console is especially helpful for workgroup servers, remotely managing a workgroup server can be extremely tricky without a Domain.

The Remote Desktop option allows you to open up RDP directly in your browser. RDP in a browser means you can have a full-blown remote desktop session inside Windows Admin Center!

Viewing the remote desktop of Server Core 2019 (it is not very interesting as Server Core 2019 has no GUI)
Viewing the remote desktop of Server Core 2019 (it is not very interesting as Server Core 2019 has no GUI)

There are over a dozen other categories, which this article will gloss over for the time being. Most of them are analogous to the control panel and are fairly self-explanatory. Instead, let’s explore managing Active Directory with a Windows Admin Center extension.

Managing Active Directory with Windows Admin Center Extensions

Windows Admin Center has an extensible system with support for adding on more functionality in the form of extensions. It supports a large swathe of extensions for various administrative tasks (in fact, some of the sidebar categories are Microsoft bundled extensions).

A Windows Admin Center Extension is an optional extra that adds additional functionality. This could include cluster management, virtual machine management, or active directory management (as seen below)

To demonstrate extensions, let’s install the Active Directory extension.

For a full demonstration of the Active Directory extension, this website did a great job.

  1. While on the main Windows Admin Center page, select the Settings cog (1) in the top right

2. Click on Extensions (2) on the left-hand side as shown below. You should be presented with a list of installed and available extensions:

Navigating to the Extensions Portal
Navigating to the Extensions Portal

3. Click on the Active Directory extension and click on Install.

Adding the Active Directory Extension
Adding the Active Directory Extension

It is worth browsing through the list of extensions to see what is available. Many Microsoft related services have a Windows Admin Center extension available.

Once installed, the Active Directory option will move from Available Extensions to Installed Extensions.

4. If you are remotely managing your Domain Controller (addressed later in the article), you can see in the sidebar that you now have an Active Directory option. Click on it and begin managing Active Directory.

Browsing OUs in the Active Directory Extension
Browsing OUs in the Active Directory Extension

As you are most likely not using Windows Admin Center on a domain controller, the Active Directory section will not appear in the sidebar as in the above screenshot. This problem will be addressed shortly.

For those familiar with the Active Directory Administrative Tools (not to be confused with Windows Admin Center), this will be a very similar experience. The main difference is you are not using Microsoft’s Remote Server snap-ins: You’re using a web interface with no locally installed tools at all.

It’s all PowerShell Under the Hood

Something you might not be aware of is that PowerShell drives the entire backend of Windows Admin Center. Every time you change a setting or view a dashboard, a corresponding PowerShell script runs in the background to enact that change. In fact, you can peek behind the curtain in Windows Admin Center and directly extract the PowerShell it runs!

Inspecting Firewall PowerShell Functions

Navigate back to the Firewall Category again and click the View Powershell Scripts icon as seen below. Doing so brings up a new panel, showing a dropdown list of PowerShell functions. Choosing an option (as seen with the Disable-FirewallRule option below) displays the corresponding function that Windows Admin Center uses to perform its tasks.

This type of inspection can be done for every category in the sidebar.

Viewing the Underlying PowerShell in the backend
Viewing the Underlying PowerShell in the backend

This is a handy tool because it lets you directly view exactly how Microsoft structures all of their PowerShell and gives you tons of best practice examples when writing your own PowerShell!

Remote Management of Other Servers

If you thought you had to install Windows Admin Center on every server in your environment, think again. Windows Admin Center actually only needs to exist on a single server. Because Windows Admin Center does all of its work under the hood with PowerShell, all you need to do is have PowerShell Remoting enabled on your servers!

Let’s show that in this article by remoting into the domain controller.

If you are following in a production domain, you may not have permission to manage your domain controller remotely. Do not test any features on sensitive equipment before checking your IT policies!

  1. Navigate back to the server list by clicking on the Windows Admin Center title in the top left

2. Click the Add button.

The Server Chooser in Windows Admin Center
The Server Chooser in Windows Admin Center

3. Click Servers.

4. Either manually enter the computer name of the domain controller, or search for it in the Search Active Directory box.

5. Add the server to the list.

6. Select the server, and enter your domain credentials.

You can see these steps in the animation below:

Adding another computer to the Server chooser
Adding another computer to the Server chooser

You’ve now added a web interface to your domain controller, and you don’t even need to install anything!

Your browser is just using the Windows Admin Center server as a host and is running all the backend commands on the domain controller!

If you have remote desktop enabled for the controller, you can even use the Windows Admin Center server as a jump box to manage the domain controller! See the fully functional RDP session below:

Remotely managing the Domain Controller, even though the PC using the browser has no direct connection.
Remotely managing the Domain Controller, even though the PC using the browser has no direct connection.

In the above example, the PC running the browser cannot directly access the Domain Controller. Instead, the browser is interacting with the Windows Admin Center server, and the Windows Admin Center server is talking to the Domain Controller. You can use this method to remotely access restricted or sensitive devices.

Where to go From Here

Windows Admin Center, if you so choose, can be used to manage your entire fleet of servers. You can find extensive documentation on Microsoft’s website. To a certain extent, Windows Admin Center can even manage your entire fleet of endpoints (albeit, an RMM tool like Meshcentral or TeamViewer would be more appropriate for endpoints).

Windows Admin Center is another tool to add to your arsenal and is incredibly useful for managing GUI-less environments.

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!