Server 2019 Configuration
This is a guide on server 2019 configuration.
Basic Configuration Tasks
In this video, we'll take a look at performing some very basic configuration tasks for a server that has been newly installed with Windows Server 2019. Now, of course, there are numerous tasks that you will likely have to perform. But for this particular demonstration, we'll keep things fairly simple. And we'll just use the Server Manager interface with the Local Server option here over on the left, as most of the basic configuration can be done from here.
[Video description begins] The screen displays the Local Server page of Server Manager interface. In the left ribbon, this interface shows four options, Dashboard, Local Server, All Servers, and File and Storage Services. Currently, the Local Server option is selected. Furthermore, this page shows various kinds of information, such as Computer name, Workgroup, Last installed updates, Windows Update, and so on. [Video description ends]
So again, with a new install, you might just immediately want to verify the version and that everything did install correctly. In other words, you just want to make sure that it didn't fail, maybe while you didn't realize it. And maybe the system just rebooted and reverted back to the old version. So here, you can also check your operating system version. It says Windows Server 2019 and your edition here. So from that point, one of the first things that you really should do is to check for updates, and we do have that option here.
[Video description begins] He points to the Windows Update section, which shows the following link: Download updates only, using Windows Update. [Video description ends]
Windows Update is in the upper right hand corner, and we can just click this link to see what is available.
[Video description begins] When he clicks the Windows Update link, a Settings window opens. This window shows various options on the left side, such as Home, Windows Update, Delivery Optimization and so on. On the right side, the section shows various types of available updates under the Windows Update heading. Also, this section has an Install now button. [Video description ends]
Now, I do recommend that you install most updates. But you certainly can go through the list and decide for yourself. But there is the Install now button you can click to simply apply these updates. Now, that could take a while depending on how many updates there are. So I won't bother actually installing them at this point. But you can also change your active hours, view the update history and configure some advanced options here. But again, always recommended to just go in and check the updates after an installation.
[Video description begins] He closes this window after pointing at these three links: Change active hours, View update history, and Advanced options. [Video description ends]
Then, you might also want to verify the time zone. You have a link again over on the right hand side in terms of your current settings. So if you want to change that, again just simply click the link, apply the appropriate time zone.
[Video description begins] When he clicks the Time zone link, a Date and Time dialog box opens. This dialog box shows three tabs, Date and Time, Additional Clocks, and Internet Time. Currently, the Date and Time tab is active. This tab shows Change date and time... and Change time zone... buttons. [Video description ends]
And you certainly might want to assign a static IP address. Most servers are usually set statically. So here we see Ethernet0 and once again we have a link. Now, this system has already been set up with a static address.
[Video description begins] When he clicks the link for Ethernet0, a Network Connections window opens. This window shows the network adapter, which is Ethernet0. He right clicks this adapter, and a drop-down menu opens with various options, such as Disable, Status, Properties and so on. He clicks the Properties option, which opens a Ethernet0 Properties dialog box. This dialog box shows a Networking tab showing various protocols with options, such as Install, Uninstall, and Properties. [Video description ends]
But you can just click on that link to bring up your network adapter. Then you can right click and choose Properties. Choose the appropriate protocol. In this case, I'll go with TCP/IPv4, click Properties. And of course, we can make changes to the IP address configuration here.
[Video description begins] He closes the dialog box and the Network Connections window. [Video description ends]
And then from that point, you might also want to enable Remote Desktop. And once again, that can also be done here, it tells you the status of Remote Desktop.
[Video description begins] When he clicks the Enabled link for Remote Desktop, a System Properties dialog box opens. This dialog box shows four tabs, Computer Name, Hardware, Advanced, and Remote. Currently, the Remote tab is active. This tab shows two sections, Remote Assistance and Remote Desktop. He closes this dialog box. [Video description ends]
Currently, mine is Enabled. So once again, you can just click on the link to disable the option or enable it depending on its current state. And finally, you may want to rename the server and/or join an Active Directory. So both of these are available here. In fact, these are the first two options, the computer name and the workgroup configuration in my case are currently set. So you can click either one of these to change the name.
[Video description begins] He clicks the Computer Name link, which opens a System Properties dialog box. This dialog box shows four tabs, Computer Name, Hardware, Advanced, and Remote. Currently, the Computer Name tab is active. This tab shows a Computer description field bar, along with information about Full computer name and Workgroup, and also a Change... button. He clicks the Change... button, which opens a Computer Name/Domain Changes dialog box. This dialog box shows a field bar to enter Computer name, and a Member section with Domain and Workgroup radio buttons. The Workgroup radio button is currently selected, and it also shows a field bar. [Video description ends]
And in fact, in the name change interface, you can click Change to do both. Change the name and the domain/workgroup configuration. So again, I won't make any changes for the time being here. But those are some of the basic options that you would certainly want to verify and/or configure as soon as your installation completes.
Server Core Basic Configuration
Now, in our previous video entitled Basic Configuration Tasks, we saw how to perform some of those tasks using the graphic interface, or Server Manager. But of course, you may also have many systems running Server Core, where there is no graphic interface. So in this video, we'll see some of that same basic configuration but using PowerShell.
[Video description begins] The screen displays a Virtual Machine Connection window showing a PowerShell environment with various kinds of information, such as IPAddress, InterfaceIndex, Type and so on. [Video description ends]
Now, that said, of course, you can absolutely use the Server Manager interface of any other server to connect to your instance of Server Core remotely and perform those exact same configuration tasks in that manner. But it is certainly useful to know some of the commandlets, and if you aren't all that familiar with the PowerShell commandlets then there is a tremendous amount of documentation available.
So just do a little bit of searching to get the commandlets and get the syntax. But as mentioned, we'll see some of the basic configuration here, most notably the network adapter and we'll also rename this system. Now when you boot your installation of server core, the default shell is actually the command prompt. So in fact, the first commandlet that you might want to execute is simply Powershell. That will change you to the PowerShell environment, and you can verify that by just examining the prompt because it now starts with PS for PowerShell.
Okay, so on this particular system some basic configuration was already done but we can go ahead and change it. But you might want to determine its existing configuration for the network adapter by executing GET-NetIPAddress.
[Video description begins] In the PowerShell environment, he highlights the executed command, Get -NetIPAddress. [Video description ends]
This will show you the existing configuration. And perhaps most notably, something that you will need is this InterfaceIndex. Because when we go to assign new values, one of the parameters that we have to supply is the interface index value. So in my case, it's 5 that will identify this particular interface to the commandlet, okay?
And you can examine any existing values in here that you might want to change. But we'll just change the IP address from its current value of 192.168.0.10 to maybe 0.20 and we'll leave pretty much everything else as it is. So the commandlet to set the new address is New-NetIPAddress,
[Video description begins] In the PowerShell environment, he highlights the following executed command: New-NetIPAddress -InterfaceIndex 5 -IPAddress 192.160.0.20 -PrefixLength 24. [Video description ends]
then the parameter of InterfaceIndex, which again in my case is 5. Then, the parameter of IP address allows you to specify the new address, so in my case, 192.168.0.20. And the PrefixLength is 24, that equates to 255.255.255.0, and the subnet mask, okay. So we can just hit Enter there and that changes everything there, and we can verify that the new address has been assigned by just examining the results.
You could also set a default gateway. The parameter would be quite literally just -defaultgateway, all one word, and you could supply a value there if you wanted to. Mine was already there and it was fine, so I just left it as it is. But then to set the DNS server, the commandlet is Set-DnsClientServerAddress. Because this system is the client,
[Video description begins] In the PowerShell environment, he highlights the following executed command: Set-DnsClientServerAddress -InterfaceIndex 5 -ServerAddress 192.168.0.10. [Video description ends]
I'm specifying which system it should use as its server. And I'm just making up the addresses here, so don't worry about the values themselves. But once again, the parameter of InterfaceIindex is required and that's 5 in my case, then ServerAddress is the DNS server this client should use. So I set that to 192.168.0.10, okay, and again I'm just making up addresses here.
And then finally to rename the system, you might want to execute HOSTNAME to find out the current name, okay. So the current name appeared and I just copied this. Then the commandlet is Rename-Computer, then the existing ComputerName, where I just paste it in the existing name to avoid typos, then the parameter of NewName, which I'm just changing to SrvCoreO1. And then of course it tells me that this will take effect after you restart the computer, okay.
So we can finish off with just shutdown -r for restart, or you can also use the PowerShell commandlet of restart computer, okay. But let's go ahead and restart, and basically, that is how you can perform those same configuration tasks using the PowerShell environment. And again, I do want to remind you that by all means, you can use the graphic interface of any other server to connect to this system remotely to perform those same tasks if you prefer.
Using Sconfig
Now, in this video, we'll take a look at performing some additional configuration tasks on a server core installation, using the Sconfig utility. Now, this is a nice feature for just your basic configuration, because it doesn't require any knowledge of any kind of syntax, or any kind of command structure. Everything is done through a menu driven interface, whereby you really just enter letters or numbers to select the options that you want. So from your server core installation, again, when the system boots it will just bring you into a command prompt, and you can access this by just typing
[Video description begins] The screen displays a Command Prompt window. He executes the sconfig command, which opens a Server Configuration prompt with various numbered options, such as 1) Domain/Workgroup, 2) Computer Name, 3) Add Local Administrator, 4) Configure Remote Management, 5) Windows Update Settings, 6) Download and Install Updates and so on. At the bottom of the window, an Enter number to select an option prompt displays. [Video description ends]
in sconfig, all one word for server config, and hit Enter. And you see a menu whereby there are 15 available options. And in terms of configuring any given option, you just enter the number next to that option. So at the bottom it is prompting you for a number. So let's take a look at the very first option for Domain and Workgroup, that's number 1. So we just hit number 1 and hit Enter. So it simply asks now if we want to join a Domain or a Workgroup.
And the letters that are in the parenthesis indicate the selections. So D for Domain, or W for Workgroup. So I just hit either one, and that allows me to enter in the configuration. Now, I can also cancel this by just entering a blank. It says Blank=Cancel, so I won't bother making any changes here. I'll just hit Enter, and we'll take a look at another option, number 2 is the computer name. So we could just hit number 2 and hit Enter.
And again, it says to enter the new computer name, Blank=Cancel, but you can just type in a new name right here and change the name of the system. Now again, that will require a reboot, so I won't bother making the change, I'll just hit Enter, and that cancels it. But let's take a look at some simpler ones that won't require a reboot, such as the Windows Update Settings. Currently it says, it's set to DownloadOnly, so that's option 5.
And it asks, do you want Automatic, DownloadOnly, or Manual? And again, it's the letter in parenthesis that allows you to configure the options. So A for automatic, and it's not case sensitive, so I can just type in the letter A, hit Enter, and it's enabling Automatic updates. And another nice feature of Sconfig is that in many cases, a graphic interface will appear with a message telling you that the setting has been changed.
So that has just appeared, it says Windows Update set to Automatic, the system will check for and install updates every day at 3 AM. And my mouse works here, so I can just click on OK to dismiss that. So a certain level of graphic interaction can be done here. And let's take a look at Remote Desktop, that's number 7. We can enable or disable the feature, it is currently Enabled. That's just for the sake of our argument, disable it by hitting the letter D and hitting Enter.
And once again it will come up and give me a message box, informing me that it has been disabled. So I can just click on OK to dismiss that. And really that's all you have to do. You can simply enter in the number to allow you to configure the server using basic number and letter entry. Now, in some cases you certainly do have to type things in such as the name of the domain, or workgroup, or the computer name, but no syntax is required.
I don't need to know the PowerShell command-let, or the command prompt command to configure these values, I just choose the appropriate number and/or letter. Let's take one more look at another setting such as Networks, on number 8, hit Enter. And it tells you the list of the available adapters with an index number next to it.
[Video description begins] The interface displays a table under an Available Network Adapters heading with three columns, Index#, IP address, and Description. [Video description ends]
So in this case, it's number 1, so I just have to hit number 1, hit Enter. It tells me the current settings, and then gives me four more options.
[Video description begins] The output shows various settings, such as NIC Index, Description, IP Address and so on. [Video description ends]
I can set the Network Adapter address, set the DNS servers, clear the DNS server settings, and just return to the main menu. Number 4 will bring us back, okay? So again, it's just really easy to navigate. It's really easy to adjust and configure these basic settings using the Sconfig utility. And to exit out of here when you are finished is number 15. So we can just hit 15, and hit Enter. And we are back to the standard command prompt.
Let's just type in cls to clear the screen. And we are right back where we started. Okay, so again, Sconfig just gives you that nice easy option to configure basic settings without any kind of commands, without any kind of syntax, and allows configuration using those basic value entries.
Windows Server 2019 Remote Desktop Services
In this presentation we'll examine some of the improvements and enhancements to remote desktop services in Windows Server 2019. But before we get into that. I would also like to tell you about some enhancements that have been made to the Windows virtual desktop service. Which is certainly still based on a remote desktop. But it offers the ability to access a full virtual Windows desktop that's delivered from Azure. Instead of having to maintain a virtual desktop infrastructure in your on-premises environment.
Now, that in itself was still a very common implementation, and there's certainly nothing wrong with doing so. But by moving to the cloud, you no longer have to maintain that infrastructure yourself. And you inherently get a complete Windows desktop and Office environment made available to you from anywhere on most any device. It's fully multi-user capable and optimized for Office 365 ProPlus applications. And even continues to support Windows 7 devices with extended security updates for longer device life.
So this does provide you with a very robust alternative to implementing and maintaining VDI in your local data centers. Now for local implementations of remote desktop with Windows Server 2019. There have been enhancements to the remote desktop services web client for devices without the native client installed.
So connectivity can be accessed through a browser. With single sign-on support still available to allow authentication to be passed on to the remote desktops. And enhanced GPU virtualization for better support of graphics acceleration, video detection and high DPI down sampling. And when you are implementing a virtual desktop infrastructure, there have also been enhancements to the remote desktop session hosts, or RDSH. Including video playback, which now always uses hardware acceleration and smoother playback when moving or sizing the window.
User input delay counters for better troubleshooting for poor application performance. Improved messages for printing errors and other messages from a print server and also device redirection enhancements. Offering an increased frame rate while at the same time requiring less bandwidth. And better redirection of multiple cameras. So with these enhancements and new offerings it should offer a better overall experience for your end users. And at the same time lowered overhead for your administrators.
Deploying RDS 2019 on Azure
In this video, I would just like to tell you about some features that are available for implementing a Remote Desktop Services infrastructure in Azure. Now, you may be considering an implementation of Remote Desktop Services. And if so, of course, you can construct this within your own on-premises environment. But there are a fair amount of requirements to set up, let's call it a fully functioning, robust Remote Desktop Services infrastructure. So you just may not have that infrastructure available to you, but of course, that infrastructure is available in Azure.
[Video description begins] The screen displays the Microsoft Azure window. In the top ribbon, this window shows various options, such as Overview, Solutions, Products, Documentation, Pricing, Training and so on. The window has a heading, Azure Quickstart Templates with some basic information. Also, there is some information under a What is Azure Resource Manager subheading. [Video description ends]
Now what you also have at your disposal is a template that effectively has most of the work done for you already. So I'm just here on the Azure homepage, and there are links across the top. And if you go to the very last one that says, More, you can click there. And there is an option to search through resources for downloads, white papers, templates and events. It's the template that we're interested in. So if you choose that and then you just do a search for something like an RDS farm or RDS deployment, you will likely see the results that I have here.
[Video description begins] He scrolls down the page to show a search field bar, where RDS farm has been searched. Below this search section, three matching templates are visible, RDS Gateway High Availability deployment, RDS farm deployment using existing active directory, and Basic RDS farm deployment. [Video description ends]
A Remote Desktop Services gateway in a high availability deployment. A Remote Desktop Services farm deployment using your existing Active Directory. Or a basic RDS farm deployment. Now, you can click on any one of these. I've already clicked on the basic farm deployment, and that brings you into your portal, if, of course, you have a subscription.
[Video description begins] The host switches to the Remote Desktop Services 2019 RDS Farm page of Microsoft Azure. This page shows a Create button with some basic information related to the deployment. In the left section, there is a ribbon with various options, such as Create a resource, Home, Dashboard, All services, All resources and so on. [Video description ends]
And it gives you a breakdown of everything that is included in this template. So as I mentioned, there are a lot of components, and I'm really just wanting to highlight this for you. This would be a fairly robust configuration, to say the least, and it would take probably the better part of maybe an hour to actually go through and configure everything. But this particular template will create, for you, everything that's listed here okay?
So it creates a new Active Directory domain. You can choose your own domain if you have one. It creates new virtual networks and subnets. It allows you to set up your own external Remote Desktop Services web URL. It creates a public IP, a network security group for the virtual machines. It creates availability sets. And then, of course, in terms of the Remote Desktop Services infrastructure itself, it creates between 1 and 50 Remote Desktop Services hosts.
It creates the gateway, the broker, it creates everything that you need to implement Remote Desktop Services in Azure. Now, if you scroll down a little bit more, it gives you a basic idea of what it will end up looking like in terms of the infrastructure. And there are links here that you can click on to get more information about setting up the farm.
[Video description begins] He points at a Setup RDS Farm in Azure link. He switches to a page with the following heading: How to Setup Remote Desktop Services RDS 2019 Farm on Azure. This page shows a Deploy to Azure button, along with basic information about the setup. [Video description ends]
And I've already clicked on those, and they bring you to this page here. Where it gives you a better idea in terms of what is actually going to be set up and some post-deployment and configuration steps. Okay, so again, just the basic idea here is that all of this infrastructure is available to you within Azure. And the template has all of this already set up. So you just really provide some values, and it configures all of this.
So it's not like you have to go into Azure, and manually configure all of these systems for a Remote Desktop Services infrastructure. You just choose the template, you can adjust accordingly and configure your RDS farm as needed at any time. And quite literally, within maybe an hour, you'll have your entire infrastructure up and ready to be used.
Windows Admin Center Installation Options
In this presentation, we'll take a look at the available installation options for the Windows Admin Center. And the two main considerations here are, where is the Admin Center itself located. And is that system itself meant to be a managed server? Okay, now we'll clarify that in a moment but we'll begin with the local client installation. So this means that the Admin Center itself is directly installed on your own local client which could be really just about anything in terms of operating system, including Windows 10.
So in this situation, let's imagine that I'm an administrator and I'm just using a laptop. And I just want a dedicated installation on my own system. But I'm not using the Admin Center on my own system to manage my own system. I'm using it to manage the remote servers. Okay so that's what I mean by where is it installed. And am I using that installation to manage that particular system? In this case, you really aren't.
You want the installation always available to you on your own client, but it's always being used to connect to target servers. So then if we look at the gateway server installation, now the installation of the Admin Center itself is moved off of my client. And it's moved on to, and let's just call it a dedicated server. Okay, it doesn't have to be but in terms of its functionality, we just want that server to host the installation of the Admin Center.
So I don't need to use something like Remote Desktop Services to connect to the gateway server because it's all web-based. All I need is a URL. So now I've offloaded the installation from my own computer onto this dedicated server. And I just use that to then connect to the target servers. But generally, the gateway server itself is not meant to be a managed server. Now that said, it can be. Okay The Admin Center can manage the gateway server itself. But its purpose, if you will, is to provide access to all of the other servers. So, again, this offloads the installation from your own computer.
So now let's imagine that I'm that same administrator, but maybe I move around a lot. So I don't want to worry about a local installation. I just use the URL to get to the gateway server. Then I use that to manage the target servers, and again, optionally, the gateway server itself. The managed server installation then moves the install off to one of the servers that is intended to be managed. So this is why I say you can manage the gateway server if you want to, but that's just generally not the focus.
In this case, I do want to manage, let's just call it server one. But then I also want to connect through to servers two and three so all of them are being managed. But the installation is on one of the managed servers. So this just really removes the gateway concept. And finally, the failover cluster installation brings back the gateway server if you will.
But I don't want a single instance of the Admin Center on just a single server, in many cases, purely for fault tolerance. So if the gateway server where to go down, I would lose all of the connectivity to my managed servers. So by clustering it, now I have greater resiliency for just the gateway server itself. Okay, so in terms of just summarizing all of that, we have a table here, where it lists the version of the operating systems on which it can be installed. And then the configurations that are supported.
Now the only difference here is when it's installed on Windows 10. That only supports the local client installation option. So it's not a managed server, it's not a gateway server and it's not a failover cluster when it's running on Windows 10. It can only be the local client installation. Once you then place the Admin Center itself on any one of the servers that are listed, Semi-Annual Channel, Server 2019 and even Server 2016, then all configurations are supported. Okay so really the only difference is, is it Windows 10? Or is it one of the server-based operating systems in terms of your available configuration options?
Installing Windows Admin Center
In this video, we'll see how to install the new Windows Admin Center on an installation of Windows Server 2019. Now, when you launch Server Manager for the first time on this new installation, you will likely see a prompt that says try managing servers with Windows Admin Center.
[Video description begins] The screen displays a Dashboard page of Server Manager. In the left ribbon, this interface shows four options, Dashboard, Local Server, All Servers, and File and Storage Services. Currently, the Dashboard option is selected. Also, there is a dialog box with a heading, Try managing servers with Windows Admin Center, and a link to get more information. [Video description ends]
And in fact, every time you launch Server Manager, this will appear. But somebody may have selected this option to not show this message again. But this does give you an easy link to get more information and of course, download the Admin Center itself. So you can just click on this link, which I have already done. And that brings you to this browser page right here.
[Video description begins] The host switches to a Windows Admin Center page of Microsoft. In this page, there is some brief information about the admin center and various download links. [Video description ends]
Now again, if somebody clicks to not show that message anymore, you can just do any general Internet search for the Windows Admin Center. And you would likely find a number of links that will get you to this point. But from here, you can simply choose which version to download. At the time of this recording there is a 1909 version in preview. But the validated and generally available version is 1904.1. So that is the one that I clicked on to download.
[Video description begins] A Windows Admin Center Setup window opens. This window has Back, Next, and Cancel buttons at the bottom. [Video description ends]
So of course you can just click on that. It will download to your default Downloads directory, which I have here. So we can just double click to launch the installation. Let's click on Run, and let's go ahead and click on I accept the licence term, click on Next.
[Video description begins] When he clicks Next after accepting the terms and conditions, the setup window shows two radio buttons, Use Microsoft Update when I check for updates (recommended) and I don't want to use Microsoft Update, which is currently selected. [Video description ends]
And, of course, it is recommended to use update, so let's click on Next. And we can click on Next again. And we can allow the Windows Admin Center to modify this machine's trusted host settings, so we'll click Next.
[Video description begins] When he clicks the Next button, the setup window shows various options, such as a Select a port for the Windows Admin Center site field bar, two radio buttons, namely Generate a self-signed SSL certificate. This certificate will expire in 60 days, which is currently selected, and Use an SSL certificate installed on this computer. [Video description ends]
And you do need to specify a certificate option. Now, if you do not yet have certificate services set up, then you can generate a self-signed certificate, which is fine. And that's what we will do in this demonstration, but note that it does expire in 60 days. So at some point, you will have to reconfigure to use an SSL certificate that is installed on this computer. Or you would have to reinstall over and over again every 60 days.
But, again, for the purposes of this demonstration, the self signed certificate is fine and the default port is 443. You certainly can change that but, of course, that is secured HTTP. So let's go ahead and click on Install. And this shouldn't take very long to install, it's not a particularly large installation. But once it does complete the installation, then you have to access it using your browser. Again it's not something that is a local application per se.
Well, I should really say that it is local, but it's accessed through a browser, it's not its own customized interface. So we'll just give this a few minutes to complete and then we'll see how to access it.
[Video description begins] After the installation is complete, the setup window shows a link under the heading, Ready to connect from a PC. At the bottom of the window, there is a Finish button. [Video description ends]
Okay, so our installation has completed. And on the final page here, it gives you a URL that you can use to simply launch your browser and access the Windows Admin Center. And I should point out that Internet Explorer is actually not one of the supported browsers. And this is a brand new installation of Windows Server 2019.
So I have actually yet to install and/or enable Edge as the browser. So I've installed a supported browser and I can now just click on the link.
[Video description begins] He clicks the link, and an All connections page of Windows Admin Center opens. This page shows a table with five columns, Name, Type, Last connected, Managing as, and Tags. In the top ribbon, this page shows various options, such as Add, Connect, Manage as and so on. In the table, a server is currently listed. [Video description ends]
And that should bring us into the new Windows Admin Center. Now we will see some of the options for configuring everything through the Admin Center a little bit later on. So for the time being, we'll just skip the tour here. And we do see now that our first server is showing up in the new Windows Admin Center.
Windows Admin Center Settings
Now in this video, we'll take a look at configuring some of the settings in the Windows Admin Center. And in this case, I'm not really referring to the settings of any particular server, but rather the settings of the Admin Center itself as an application.
[Video description begins] The screen displays the All connections page of Windows Admin Center. This page shows a table with five columns, Name, Type, Last connected, Managing as, and Tags. In the top ribbon, this page shows various options, such as Add, Connect, Manage as and so on. In the table, a server is currently listed. [Video description ends]
So if you look up in the upper right hand corner, you'll see a little cog or a wheel icon. This is your setting.
[Video description begins] When he clicks the Settings icon, a Settings pane opens on the left side. In this pane, there are various options under two sections, User and Gateway. The User section has options, such as Account, Personalization, Suggestions, and so on. The Gateway section has options, such as Extensions, Azure, and so on. Currently, the Account option is selected, and the page shows the Account name. [Video description ends]
And in here you'll find two sections, User and Gateway. Now Gateway has, I guess, two connotations with respect to the Windows Admin Center. It can refer to the fact that you can use this installation to connect through to other servers to manage them. So in other words, you can manage systems through this gateway. But in terms of the settings, it more so refers to the fact that anything that is configured in the user section is personal to you.
And anything that is configured in the Gateway section is applicable to all users who use this instance of the Windows Admin Center. Okay, so, under the User section, the first option is Account and this just shows you the account that you have used to sign in. Clearly this should be your own identity. But in some cases, you might be using some kind of a shared identity. But it just ultimately reports which account is being used.
[Video description begins] When he clicks the Personalization option, the page shows two radio buttons, Light mode and Dark mode (Preview). [Video description ends]
Then under Personalization, you can just set a sort of color mode here, light or dark.
[Video description begins] When he clicks the Language / Region option, the page shows two menus, Language and Regional format. [Video description ends]
Then you can set your Language and Region.
[Video description begins] When he clicks the Suggestions option, the page shows various toggle buttons under a Show me suggestions about heading, such as Azure Update Management, Azure Site Recovery, and so on. [Video description ends]
Suggestions in terms of what you would like to see, suggestions of both. So these are just on or off. If you don't want any suggestions, you can just disable all of them.
[Video description begins] When he clicks the Advanced option, the page shows a Console log level menu, and an Experiment keys section with an Add button. [Video description ends]
And then under Advanced, there is a console log level that you can set if you like. By default, it's set to 3, or just warning levels. But you can change that at any time. So again, anything that you configure under the user section will be personal, just for you.
[Video description begins] When he clicks the Extensions option, the page shows three tabs, Available extensions, Installed extensions, and Feeds. Each tab shows the corresponding list. [Video description ends]
So then if we go down to the Gateway section, we see Extensions. And here you can find a list of available extensions and those that are installed. Under available, you can select any one of them. You get a description down below. You get links to more information and/or to install it if you want to.
[Video description begins] When he clicks the Azure option, the page shows some basic information with a Register button. [Video description ends]
And if you then select Azure, you can register this with Azure so that you can perform your standard administrative tasks in Azure through the admin center and under Access,
[Video description begins] When he clicks the Access option, the page shows three setting-related sections, Azure Active Directory, Multi-factor authentication, and Allowed groups. [Video description ends]
if you have configured Azure into the mix here. Then you can also add in Azure Active Directory to add a layer of security to the gateway. But again you have to register with Azure first. Then you can also enable multi-factor authentication if you have smartcard authentication available to you. And you can also allow multiple groups to have access to the Admin Center by just clicking on Add. By default, the built in administrators group does have access of course.
[Video description begins] When he clicks the Shared Connections option, the page shows an empty table with three columns, Name, Type, and Tags. In the top ribbon, there are options, such as Add, Remove, and so on. [Video description ends]
And then finally under shared connections, you can just set up a collection of servers that will be available again to the multiple users that are using this particular instance. So all of this will depend on your configuration and your needs in terms of who was able to access the admin center itself. And then of course, which servers they can access from there. But again, those settings allow you to customize the Admin Center just as an application.
User Access Control and Permissions
In this video, we'll take a look at the Windows Admin Center options for configuring user access control and permissions. Which begins by defining gateway users and gateway administrators. Now the gateway users can connect to and manage servers through that instance of the gateway. But they can't make any changes to the existing configuration in terms of access, permissions and authentication. And it should also be noted that even though they may belong to this gateway users group, that in and of itself does not imply any kind of access to the target server itself. It's effectively just access to the gateway server.
So the user must still have administrative abilities on the target server over and above being part of the gateway user's group. Then, as you might imagine, the gateway administrators group has full control over who gains access to that instance of the gateway. And again it should also be noted that anyone who is a local administrator of the gateway machine itself is automatically a gateway administrator as well.
So then as a best practice with respect to controlling gateway access it is certainly recommended to use your existing active directory groups which are accessible through the Windows Admin Center interface. Or alternatively, use local machine groups from the Windows Admin Center gateway machine itself if you don't have an active directory. But in either case, it is certainly recommended to configure your users and groups. As by default, if no entries are specified then any user with access to the URL has access to the gateway.
So be sure to configure this early in your implementation. And if you have Smart Cards implemented in your organization, then this is also supported as an authentication option for both user and administrator access to the Windows Admin Center. So simply identify the appropriate users and then you can enforce Smart Card authentication by specifying a required group for Smart Card based security groups.
And if you have an Azure subscription using Azure active directory, you can configure an additional layer of security to allow access to the gateway. Now, this will depend on the browser that's used as well as their administrative status. And I'll come back to that in a moment, but when attempting to access the admin center, an additional browser prompt may appear where they will need to provide their credentials for Azure Active Directory authentication.
And you can be as selective here as you like in terms of which specific users and groups will be required to use as your authentication. But as mentioned, coming back to their administrative status. If a user has administrative rights on the gateway machine itself, even if they are configured for Azure Active Directory authentication, they will not receive the additional authentication prompt.
So then with its ability to integrate with Azure Active Directory, you can also take advantage of additional security mechanisms provided by Azure such as conditional access and multi-factor authentication. And even when it's deployed without Azure active directory it also supports single sign-on configurations when you install it on a Windows 10 system provided you configure a trusted delegation to the target node.
And finally, role-based access control is also available to implement limited administrative accounts so that you don't need to configure full local administrators, at least in terms of access to the gateway system itself. Again, users will still need whatever level of administrative access they require on the target node.
Manage Servers with Windows Admin Center
In this video, we'll see how to add an individual server into your connections list in the Windows Admin Center. So that, of course, you can access any server that is here in the list. Now, you do need to know the name. And of course, you need an account that has permission to be able to access that server.
[Video description begins] The screen displays the All connections page of Windows Admin Center. This page shows a table with five columns, Name, Type, Last connected, Managing as, and Tags. In the top ribbon, this page shows various options, such as Add, Connect, Manage as and so on. In the table, a server is currently listed. [Video description ends]
But as long as you have both, this is a fairly simple operation. So from the left-hand side of your all connections page, simply click on Add.
[Video description begins] When he clicks the Add option, a Choose the connection type side panel opens. This side panel shows four options, Servers, Windows PCs, Failover clusters, and Hyper-converged clusters. [Video description ends]
And the reason I specifically stated that we'll be adding an individual server here is because you do have various connection types available. So in this case, we will just choose Servers. But do take note that you can add Windows PCs, Failover clusters, and Hyper-converged clusters as well. So for an individual server, simply choose Servers.
[Video description begins] When he chooses the Servers option, the side panel shows the Servers heading, Below this heading, there are three tabs, Add one, Import a list, and Search Active Directory. Currently, the Add one tab is active. This tab shows a Server name field bar. [Video description ends]
And as mentioned, you really just need the name. But if you aren't certain of the name, you can search the Active Directory. And if you have a list configured, then you can import that as well if, of course, you had many servers to import. But in my case, I'm just going to enter a server name, srv0473. Now I should also point out that since I installed the Admin Center, I did join this system to an Active Directory.
[Video description begins] After he enters the Server name, a Credentials needed section appears in this tab. This section shows two radio buttons, Use my Windows account for this connection and Use another account for this connection. Below these radio buttons, there are two field bars, Username and Password. At the bottom, this section shows three buttons, Add with credentials, Add, and Cancel. [Video description ends]
It was just a local installation prior to this demonstration. But it has joined an Active Directory, so other servers are now available. But it is telling me that I need credentials here. So I'm going to enter in the credentials for the domain administrative account, which is already there. And then I can just click to Add with those credentials.
And that should successfully add this system to the list. So again, this just gives me access to all of the servers that I'm able to manage. So it has been found. I can add the server name exactly as entered. Or in fact, I can give it a different name if I want to. But for the sake of consistency, let's just leave everything as it is. Click on Add, and we have our additional server, okay?
[Video description begins] In the All connections page, the table shows the newly added server. [Video description ends]
So simply repeat that process for all of the servers to which you have access. So that you can manage any and/or all of them through your Windows Admin Center.
Windows Admin Center Integration
In this video, we'll examine the option to integrate the Windows Admin Center with various services in Azure. Now, this does require a one-time registration with Azure, which is available from the Azure node in the Admin Center itself. And this registration will persist through any updates or even upgrades to newer versions of the Windows Admin Center. So once registered, you can leverage Azure Active Directory authentication for gateway access. And a guided process will create an Azure Active Directory app to support all points of Azure integration in the Admin Center.
So then once configured, there are a variety of services and options available, including hybrid configurations. Whereby you can protect your on-premises virtual machines using cloud-based backup and recovery. Track application access and network performance through Azure's advanced analytics and monitoring. Configure an Azure network adapter to simplify connectivity to Azure. Keep your local virtual machines current with Azure Update Management.
And any of these implementations can be configured with either physical or virtual machines and in a clustered or a hyper-converged cluster configuration. In addition, the integration option offers access to the hybrid services tool. Which centralizes all available Azure services that can be brought to your hybrid configuration and access all enabled services on a server from a single location. You can then easily access the relevant tool for any given task from within the Admin Center.
Or you can directly launch the Azure portal if a more complex configuration is required. And also access all relevant documentation. So then with this tool, you can access features such as Windows Server Backup. Azure Site Recovery for virtual machine protection. Azure File Sync to synchronize data with your local file servers. Manage updates of both your local and cloud-based servers with the Azure Update Management service.
Use Azure Monitor to configure and manage alerts on all servers, again, both local and cloud-based. And connect your on-premises servers to an Azure virtual network with the Azure Network Adapter feature. So, again, if you do have an existing Azure subscription or if maybe you are investigating getting one, the Windows Admin Center provides a much simpler and a more centralized experience for your administrators.
Windows Admin Center Logging
Now in this video, we'll take a look at the logging abilities of the Windows Admin Center. And to clarify, this doesn't refer to being able to access the standard event logs of any given server to which you are connected through the Admin Center. But rather the Admin Center itself creates log entries on the target servers for the actions that have been performed against it using the Admin Center.
So then, if you were to go and examine the local logs of any server that has been configured through the Admin Center, you would find these entries in the Microsoft-
The module or tool that was run. The Windows Admin Center gateway where the action was invoked. The user on that gateway who invoked the action, and the username that was provided to access the target server if the manage as option was used to provide different credentials. If any delegated credentials were passed from the user's client machine, and if the machine was accessed using a local administrator password solution, or LAPS.
So with these logging abilities, again, it provides administrators, and especially auditors, with a much more complete picture of any configuration tasks that might have been implemented through the Windows Admin Center against the target servers.