Windows Admin Center for managing servers and clients

Admin onthe Bridge

Role-Based Access Control

Role-based access controls help define which administrators can access WAC and which servers they can manage. You can access role-based access control in Active Directory Users and Groups . In general, WAC distinguishes between three user types:

  • WAC Administrators are given comprehensives authorizations.
  • WAC Hyper-V Administrators can manage virtual computers and switches. The other tools can be used for read access, but changes are not allowed.
  • WAC Readers can display but not change settings.

As soon as you activate the feature, the corresponding rights become available; the best way of using these is with groups in Active Directory. You can enable role-based access control for each server once you have connected to it. In the lower area, click on Settings so you can use Role-based Access Control to set up the permissions for the respective server. First, enable the permissions in general, which you can do by clicking Apply on the respective server. New groups are also created on the server for this purpose. By joining users to these groups, you then control the WAC permissions that administrators receive on the server.

Using Certificates in WAC

If you will be using WAC on a permanent basis in production, you will want to deploy proper certificates (you could also use the Active Directory certificate services). In principle, you first need to assign a certificate to the server on which the WAC gateway is running. To begin, call certlm.msc, where you will find the necessary tools. Then, you can, for example, retrieve new certificates.

In a certificate's properties, you then retrieve the fingerprint in the Details tab. Now store this fingerprint in WAC. To do this, open the installation program and click the Change option. By the way, even in a new installation with a certificate, you can store the certificate's fingerprint in the corresponding field. WAC will then use the certificate for admin connections.

Extending WAC

You will find WAC options at top right. Here, you can install extensions and connect to Microsoft Azure. These extensions integrate third-party functionality, as well as advanced features for Windows servers, such as the Windows Server Storage Migration wizard in Server 2019.

Microsoft also provides an API that lets you program extensions, which can be added directly to WAC through a separate menu item.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=