Lab Windows Admin Center - LouisNajdek/sec440 GitHub Wiki
Download link
I first downloaded the Windows Admin Center from Microsoft on MGMT01 at the following link: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview, then transferred it over to fs01 with the file share from the Kerberos lab. You can alternatively do an installation with wget from fs01.
FS01 WAC CONFIG
I ran the installer with the following command: `msiexec /i <WindowsAdminCenterInstallerName>.msi /qn /L*v log.txt SME_PORT=6516 SSL_CERTIFICATE_OPTION=generate`
This set the log file to be log.txt, the port for accessing WAC to be 6516 (the default port for the service), and the SSL certificate to be generated itself. I had to run Task Manager to run the WAC gateway service manually, then could access it at its URL of https://*fs01ipaddress*:6516.
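The following PowerShell is an added example, not part of the original lab notes: it audits the gateway after the install above by checking the service, the listener on port 6516, the certificate bound to that port, and which inbound firewall rules expose it. The service name `ServerManagementGateway`, the HTTP.sys binding at `0.0.0.0:6516`, and English `netsh` output are assumptions.

```powershell
# Added example: audit the WAC gateway after the msiexec install above.
# Run in an elevated PowerShell prompt on fs01.
$port    = 6516                       # SME_PORT value from the install command
$svcName = 'ServerManagementGateway'  # assumption: gateway service name

# 1. Make sure the gateway service is running and starts at boot.
$svc = Get-Service -Name $svcName -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    Set-Service   -Name $svcName -StartupType Automatic
    Start-Service -Name $svcName
}

# 2. Confirm something is listening on the WAC port.
$listen = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if (-not $listen) { Write-Warning "Nothing is listening on TCP $port" }

# 3. Find the certificate bound to the port (assumes an HTTP.sys binding
#    and English netsh output), then report issuer and expiry.
$hit = netsh http show sslcert "ipport=0.0.0.0:$port" |
    Select-String -Pattern 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)' |
    Select-Object -First 1
$cert = if ($hit) {
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $hit.Matches[0].Groups[1].Value
}
if ($cert) {
    [pscustomobject]@{
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        NotAfter   = $cert.NotAfter
        DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
    }
} else { Write-Warning "No certificate binding found for port $port" }

# 4. List firewall rules that open the port and which remote addresses they allow.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object LocalPort -eq $port |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Direction     = $rule.Direction
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
```

A `RemoteAddress` of `Any` on an enabled inbound rule means the WAC login page is reachable from every network that can route to fs01.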
Active Directory and DNS extensions
Clicking the gear symbol (settings) located at the top right, you can find the settings for extensions. From there you can add the Active Directory and DNS extensions to be used for the servers, in my case MGMT01.
Enable remote desktop and remote PowerShell
For remote desktop, I enabled remote desktop through the control panel on wks1, as well as allowing the inbound firewall rules for remote desktop connections. Logging in as DOMAIN\*username* allowed me to remote desktop effectively. To enable remote PowerShell on MGMT01, I ran the PowerShell command (in an elevated prompt) `Enable-PSRemoting`.
WAC versus traditional remote administration
I think that WAC is very convenient, but is more vulnerable to attack than traditional remote administration. Opening up a port for its use as well as having a web client you can log in to is dangerous for a network, especially when once there you can log in to potentially important servers and workstations. Ultimately I believe that traditional remote administration may be more safe for that reason.