Windows Admin Center Lab - Zacham17/my-tech-journal GitHub Wiki

Pre-Lab Configurations

The systems used in this lab are AD01, FS01, and WKS1 They all need to be configured as follows:

AD01

On the LAN Network

  • EST Timezone
  • Manual Windows Updates(can be checked using sconfig in cmd)
  • Hostname set to ad01-zachary
  • Set the IP address to 10.0.5.5/24
  • Install AD/DS and DHCP on the Server(this is done in the Add Roles and Features option in Server Manager)
    • Configure the domain once AD/DS is installed. My domain is zachary.local
    • Configure DHCP with a scope once it is installed. My scope is 10.0.5.150-10.0.5.200
  • In Tools > Active Directory Users and Computers, add a named Domain administrator and Domain user.(Make sure to add users to the respective groups)

FS01

  • On the LAN Network
  • EST Timezone
  • Manual Windows Updates(can be checked using sconfig in cmd)
  • Hostname set to fs01-zachary
  • Set the IP address to 10.0.5.7/24
  • Join the zachary.local domain

WKS1

  • On the LAN Network
  • Hostname set to wks1-zachary
  • Set the IP address to use DHCP
  • Join the zachary.local domain

Windows Admin Center

Windows Admin Center is a tool that can be used to remotely manage windows servers.

Installation

  1. On fs01-zachary open Server Manager. A popup window should appear suggesting the use of Windows Admin Center. Click the link in that window and download Windows Admin Center from the website.

  2. Run the downloaded installer using default settings.

Adding Devices

  1. In the browser navigate to https://fs01-zachary.zachary.local. This should pull up the Windows Admin Center. Log in using the domain administrator credentials.

  2. Devices can be added by clicking the “ADD” button. Add Wks1 and AD01 using this feature. Both systems can be searched for using active directory.

After adding ad01 and wks1, you should see something that looks similar to the screenshot below image

Adding Extensions

The Active Directory and DNS extension will be added to Windows Admin Center. The following steps explain how to do this.

  1. Click the settings icon in the top right of the Windows Admin Center window.
  2. In the pane of the left side of the window, under the Gateway section, select Extensions
  • Here you can see available extensions and installed extensions
  1. Under "Available Extensions", select the Active Directory extension and click install. Wait for the installation to complete and repeat this step for the DNS extension.

Active Directory and DNS Management

Windows Admin Center can be used for AD/DNS management remotely using the ad01 device. The following steps explain how.

  1. In the main Windows Admin Center page that shows the connected devices, select ad01-zachary and click Connect
  2. Enter the domain administrator credentials to connect.
  3. To view Active Directory Management, select Active Directory in the Left Pane.
  4. Clicking "Browse" will show an interface that allows for ADDS management similar to the screenshot below: image
  5. To view DNS, select DNS in the Left Pane.
  6. Forward and Reverse Lookup zones can be viewed. Make sure to click the domain in order to see information. The screenshot below shows the forward lookup zone for my domain. image

Remote Administration and Management Using Powershell

The following steps were completed from the Windows Admin Center browser interface on WKS1-zachary to get a powershell terminal for AD01.

  1. Select AD01 and connect to it in the Windows Admin Center.
  2. In the left pane select Powershell. Enter the domain administrator credentials when prompted. There should now be a Powershell Terminal open for the ad01 system: image

Accessing WKS1 using WAC from FS01

To access WKS1 from Windows Admin Center, some extra steps need to be taken. The following steps need to be taken: On ad01-zachary:

  • In Group Policy Management, create a group policy and set the following:
    • Enable "Allow Remote Server Management through WinRM" and set the alowwed IPv6 and IPv4 addresses to "*"(meaning all addresses). This setting can be found under Computer Configuration/Policies/Administrative Templates/Windows Components/Windows Remote Management(WinRM)/WinRMService.
  • Set an inbound firewall rule allowing the port for Windows Remote Management, which is port 5985. There is a preset option to configure this rule when setting it up. This setting can be found under Computer Configuration/Policies/Window Settings/Security Settings/Windows Defender Firewall with Advanced Security.

On wks1-zachary:

  • Restart the device or run the command gpupdate /force

On fs01:

  • Open the Windows Admin Center in the browser and connect to the wks1-zachary device.
  • Click "Settings" in the left pane
  • Navigate to "Remote Desktop" and choose the option "Allow Remote Connections to this computer", and check the checkbox:

image

  • Navigate back to the main page for wks1-zachary and in the left pane, select remote desktop
  • When asked for credentials enter domain administrator credentials, and a remote dektop connection should be made. The screenshot below shows this:

image