Windows Admin Center - Part 2 || Configuring WAC, Adding & Managing Servers

Adding Remote servers onto Windows Admin Center

1. Login to Windows Admin Center --> Click Add --> Select Servers

2. We can now add server one by one or we can have a file containing list of servers and we can then directly import it or we can use Active Directory Search option as well to add.

For now, I have used Active Directory & specified "*" to list all the servers. I can then select the servers & Click Add.

For this demo, I have selected DC4 & MMS2.

Output

Managing Servers using Windows Admin Center

Once added, we can click on the server to connect from Windows Admin Center or else we can select & choose connect.
Note - This would directly connect us to MMS2 using an account from which you are currently logged in to Windows Admin Center.

Incase we need to login using different credentials, we can select the server --> Click Manage as & Enter different set of user ID & password to connect.

Once connected, we can explorer different services / utilities / features, WAC provides.

Example of few -

1. Overview : From here, we can restart, shutdown, rename or unjoin or join the machine to the domain.

We will be able to see live usage / metrics of different resources as well.

2. Under Files & Filesharing, we can see the Disk along with shared folder on the server if any.

3. From Install apps, we can easily see what's installed on the system. From here, we can even uninstall/remove the application as well.

4. Under Local users & groups - We can check local user & group accounts & can manage their membership too.

WAC is a great web based tool & there are lot of things that can be done using WAC.

 

Windows Admin Center - Part 1 Download & Installation

Windows Admin Center - It’s a web based tool using which we can do Remote Management of Workstations/ Servers.

Downloading from Eval Center

Link - https://www.microsoft.com/en-us/evalcenter

Installation

Run the Setup file --> Accept default values --> Windows Admin Center by default uses port 443.

If required we can use any other port from Empheral ports list range but make sure, we have Inbound allowed rule for that port.

Checkout my article on Ports in Windows "https://practicaladmin.blogspot.com/2023/01/logical-ports-in-windows.html"

Verifying if 443 is opened or not.

I have used Port query to check, but it can also be cross check either using Telnet or netstat command.

Listening means port is open.

Accessing Windows Admin Center Console

From any browser, type https://servernamefqdn:portusedforwindowsadmincenter, in mycase it would be https://mms1.mari.com:443

MMS1 - Server hosting Windows Admin Center

Mari.com - Domain Name

443 - Port used in Windows Admin center.

Powershell Script - KB Installation Status on Windows Servers / Clients.

 #Created By - Abhishek Bansal
<#Read Me !! 
1. Script will check if a KB mention in Input.csv against a Server name is installed or not.
2. Input.csv file header heading should not be changed. If planning to change, then changes are required in script also.
3. Once executed, Output.csv can be referred for the results.
To use this, copy the below code, have Input.csv on the same location with MachineName,KBID heading.
KBID - will be containing KBNo.
Machine Name -Server name against check is required.
#>

$checkdata = Import-Csv .\Input.csv
$line = 0 
$linecount = $checkdata.count
$percentagecomplete= 0 
    foreach($srv in $checkdata)
    {
    $percentagecomplete = ($line / $linecount) * 100
       $KB = $srv.KBID
       $error.Clear()
       Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"
        try{
            if(($output = Get-HotFix -ComputerName $srv.'MachineName' -Id $KB).HotfixID -eq $KB) 
            {
            $srv |  Select @{n="MachineName";e={$srv.MachineName}},@{n="HotFixID";e={$KB}},@{n="InstalledOn";e={$output.InstalledOn}}  | Export-Csv ./Output.csv -Append -NoTypeInformation
            }
            
            else
            {
           $srv |  Select @{n="MachineName";e={$srv.MachineName}},@{n="HotFixID";e={$KB}},@{n="InstalledOn";e={"Not Installed"}} | Export-Csv ./Output.csv -Append -NoTypeInformation
            }
            }
            catch 
            {
           
            $srv | Select @{n="MachineName";e={$srv.MachineName}},@{n="HotFixID";e={$KB}},@{n="InstalledOn";e={$error.exception.Message}}  | Export-Csv ./Output.csv -Append -NoTypeInformation
             
            }
            $line++
    }
  

Powershell Script - Listing Empty GPOs

  #Created By - Abhishek Bansal

<#Read Me !! 

1. Script Usage - Finding Empty GPOs in the domain environment.

Script Logic -  Logic revolves around GPO Template & GPO Container user & computer version. So if  a policy is created but it's not configured with any setting or it's never been edited, then the Sysvol & AD Version for both the container & template are 0.

Below Snap for reference -

2. Refer EmptyGPos.csv for the output & below is the code. #>

import-module grouppolicy

$gpos = Get-GPO -All

foreach ($gpo in $gpos)

{

    if (($gpo.Computer.DSVersion -eq 0 -and $gpo.User.DSVersion -eq 0) -and ($gpo.Computer.SysvolVersion -eq 0 -and $gpo.User.SysvolVersion -eq 0))

    {

         $gpo | Select @{n="GPO Name";e={$_.Displayname}},DomainName,Owner,@{n="GUID";e={$_.ID}},GPoStatus,CreationTime,ModificationTime | Export-Csv ./EmptyGPO.csv -NoTypeInformation -Append

    }

}

Powershell Script - Fetching AD Group Details

 #Created By - Abhishek Bansal
<#Read Me !! 
1. Script Usage - Fetching AD Group details such as Description, Group Type, Name, Category etc for all the Groups mentioned in Input.txt
2. Refer Groupinfo.csv for the details.
3. Refer Errorlogs.csv for any error logs.

For using it, directly copy the entire code, save it in .ps1 extension and have a Input.txt file on the same location containing AD Group names#>

$group = Get-Content .\Input.txt
Write-Host -ForegroundColor Green "Total count of Groups input = $($group.count)"
$line = 0
$linecount = $group.count
$pct = 0
foreach($groupname in $group)
{
$error.Clear()
    $line++
    $pct = $line/$linecount * 100
     Write-Progress -Activity "Checking AD Group information.." -PercentComplete $pct -Status "$line of $linecount"
     try{
    Get-ADGroup -Identity $groupname -Properties * | Select SamAccountName,Description,Info,GroupScope,GroupCategory,CanonicalName | Export-Csv ./Groupinfo.csv -NoTypeInformation -Append
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
    {
    $groupname | Select-Object -Property @{n="Samaccountname";e={$groupname}},@{n="Status";e={$error.exception.Message}} | Export-Csv ./Errorlogs.csv -NoTypeInformation -Append
    }
}

Powershell Script - Fetching User details along with their Manager details from AD.

 #Created By - Abhishek Bansal

<#Read Me !! 

1. Script Usage - Fetching User details along with User Manager name & email ID from AD.

2. User Sammacount name needs to be provided in Input.txt

3. Try Catch block is used to filter out Users not found in AD. Use Name columns to filter the output.

4. Refer Output.csv for final results.

For using it, directly copy the entire code, save it in .ps1 extension and have a Input.txt file on the same location.

#>

function getdetails($mgrdn)

{

$mgrdata = Get-ADUser -Properties * -Filter{DistinguishedName -like $mgrdn} | Select Samaccountname,Name,EmailAddress

return $mgrdata

}

$inputuser = Get-Content ./Input.txt

$line = 0 

$linecount = $inputuser.count

$percentagecomplete= 0

foreach($userid in $inputuser)

{

$line++

$percentagecomplete = ($line / $linecount) * 100

$userid = $userid.trim()

Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

[String]$dn = (Get-ADUser -Properties * -Identity $userid).Manager

$managerdetails = getdetails -mgrdn "$dn"

$Error.Clear()

try

    {

    Get-ADUser -Properties * -Identity $userid | Select Samaccountname,Name,EmailAddress,co,@{n="Manager_Samaccountname";e={$managerdetails.Samaccountname}},@{n="Manger Name";e={$managerdetails.Name}},@{n="Manager Mail";e={$managerdetails.EmailAddress}}  | Export-Csv ./Output.csv -NoTypeInformation -Append

  }

    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]

    {

    $userid | Select @{n="Samaccountname";e={$userid}},@{n="Name";e={$Error.Exception.Message}},EmailAddress,co,@{n="Manager_Samaccountname";e={}},@{n="Manger Name";e={}},@{n="Manager Mail";e={}} | Export-Csv ./Output.csv -NoTypeInformation -Append

    }

}

Powershell Script - Export AD Group Membership containing large members

#Created By - Abhishek Bansal

<#Read Me !! 
1. Script Usage - Useful if members of AD Group are large in number. There are cases where Get-ADGroupMember fails when we have lots of members. ( More then 5K /6K )
2. Script is capable of exporting not only users objects but others too. ( Ex Groups ).
3. User need to input AD Group name when prompt & results can be checked in Groupname_Membership.csv file.

For using it, just copy the below code, run it
#>

$group = Read-Host "Enter AD Group Name"
$dn = Get-ADGroup -Identity $group -Properties * | Select objectClass -ExpandProperty Member

$line = 0 
$linecount = $dn.Count
$percentagecomplete= 0

foreach($row in $dn)
{
$line++
$percentagecomplete = ($line/$linecount)*100
$row = $row.trim()

Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

Get-ADObject -Properties * -Filter{DistinguishedName -like $row} | Select Name,Samaccountname,@{n="Member Category";e={$_.ObjectClass}} | Export-Csv ./$group.Membership.csv -NoTypeInformation -Append

}