Set Up Windows Admin Center for Remote Management

By Admin · Mar 15, 2026 · Updated Apr 23, 2026 · 322 views · 4 min read

Windows Admin Center (WAC) is Microsoft's modern, browser-based management tool for Windows Server. It replaces traditional tools like Server Manager, MMC snap-ins, and RSAT with a single web interface for managing servers, clusters, and hyper-converged infrastructure. This guide covers deploying WAC on your VPS for centralized remote management.

Install Windows Admin Center

# Download WAC
Invoke-WebRequest -Uri "https://aka.ms/wacdownload" -OutFile "C:\temp\WindowsAdminCenter.msi"

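# Install WAC (gateway mode, accessible from a browser) with a generated self-signed certificate
# SME_THUMBPRINT is not needed when the installer generates the certificate
msiexec /i "C:\temp\WindowsAdminCenter.msi" /qn /L*v "C:\temp\wac-install.log" `
    SME_PORT=443 `
    SSL_CERTIFICATE_OPTION=generate

# Or install with a specific SSL certificate that is already installed on the server
# Placeholder: replace with the thumbprint of your own certificate
$thumbprint = "YOUR_CERTIFICATE_THUMBPRINT"
msiexec /i "C:\temp\WindowsAdminCenter.msi" /qn `
    SME_PORT=443 `
    SSL_CERTIFICATE_OPTION=installed `
    SME_THUMBPRINT=$thumbprint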

# Verify WAC is running
Get-Service ServerManagementGateway
Test-NetConnection localhost -Port 443

Access and Configuration

# Access WAC from browser
# https://your-server-name:443
# Or: https://your-vps-ip:443

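# Configure firewall: create only ONE of the two rules below.
# Allow rules are additive, so an unscoped allow rule on 443 keeps the port
# open to every address even when a scoped rule also exists.

# Option A: allow from any address
New-NetFirewallRule -DisplayName "Windows Admin Center" `
    -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow

# Option B: restrict access to specific IPs
New-NetFirewallRule -DisplayName "WAC - Admin Access Only" `
    -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow `
    -RemoteAddress "203.0.113.0/24"

# Add trusted hosts for managing non-domain servers
# Set-Item replaces the existing list; add -Concatenate to append to it instead
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.0.0.*" -Force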
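
To confirm that the scoped rule is the only thing exposing the WAC port, the following added example (not part of the original article) lists every enabled inbound allow rule that covers TCP 443 and flags the ones open to any remote address. The function names are illustrative; it uses only the built-in NetSecurity cmdlets and should be run elevated on the WAC server.

```powershell
# Added example: find inbound allow rules that expose a TCP port and show their scope.

function Test-PortMatch {
    # LocalPort can be 'Any', a single port, a list of ports, or ranges such as '5000-5010'
    param([string[]]$Spec, [int]$Port)
    foreach ($item in $Spec) {
        if ($item -eq 'Any' -or $item -eq "$Port") { return $true }
        if ($item -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-InboundPortExposure {
    param([int]$Port = 443)
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
    foreach ($rule in $rules) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        # A rule with protocol 'Any' also covers TCP
        if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }
        if (-not (Test-PortMatch -Spec $portFilter.LocalPort -Port $Port)) { continue }

        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $remote -join ','
            Unrestricted  = ($remote -contains 'Any')
        }
    }
}

# Unrestricted rules sort first; each one must be removed or scoped
# before the "WAC - Admin Access Only" rule has any effect.
Get-InboundPortExposure -Port 443 |
    Sort-Object Unrestricted -Descending |
    Format-Table -AutoSize
```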

Add Servers to Manage

# Prepare remote servers for management
# On each remote server, enable WinRM:
Enable-PSRemoting -Force
winrm quickconfig -q

# For non-domain servers, add to trusted hosts on both sides
# On WAC server:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "server1.example.com,server2.example.com" -Force

# On remote server:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "wac-server.example.com" -Force

# Configure CredSSP for double-hop scenarios
Enable-WSManCredSSP -Role Client -DelegateComputer "*.corp.example.com" -Force
# On target servers:
Enable-WSManCredSSP -Role Server -Force
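
TrustedHosts entries skip server identity verification for the listed hosts, and CredSSP hands the user's credentials to the delegate computers, so both lists should stay as narrow as the environment allows. The following added example (not part of the original article) reports what is currently configured on a machine and flags wildcard entries. The function name is illustrative, and it assumes the delegation targets are stored under the CredentialsDelegation policy key, which is where Enable-WSManCredSSP -Role Client records them.

```powershell
# Added example: report WinRM TrustedHosts and CredSSP delegation state.
# Run elevated; the WSMan: drive requires the WinRM service to be running.

function Get-WinRMTrustPosture {
    # TrustedHosts is a single comma-separated string
    $raw     = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # Delegation targets written by Enable-WSManCredSSP -Role Client (assumed location)
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
    $targets = @()
    if (Test-Path $policyKey) {
        $targets = @((Get-ItemProperty -Path $policyKey).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip provider metadata
            ForEach-Object { $_.Value })
    }

    [pscustomobject]@{
        TrustedHosts         = $entries
        # '[*]' matches a literal asterisk in a -like pattern
        WildcardTrustedHosts = @($entries | Where-Object { $_ -like '*[*]*' })
        CredSSPClientEnabled = (Get-Item WSMan:\localhost\Client\Auth\CredSSP).Value
        CredSSPServerEnabled = (Get-Item WSMan:\localhost\Service\Auth\CredSSP).Value
        DelegationTargets    = $targets
        WildcardDelegation   = @($targets | Where-Object { $_ -like '*[*]*' })
    }
}

$posture = Get-WinRMTrustPosture
$posture | Format-List

if ($posture.WildcardTrustedHosts.Count -gt 0) {
    Write-Warning "Wildcard TrustedHosts entries: $($posture.WildcardTrustedHosts -join ', ')"
}
if ($posture.WildcardDelegation.Count -gt 0) {
    Write-Warning "Wildcard CredSSP delegation targets: $($posture.WildcardDelegation -join ', ')"
}
```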

WAC Features and Tools

Windows Admin Center provides these built-in tools for each managed server:

  • Overview: CPU, memory, disk, network at a glance
  • Certificates: Manage certificates without MMC
  • Devices: Device Manager equivalent
  • Events: Event Viewer with filtering and search
  • Files & File Sharing: Browse files and manage SMB shares
  • Firewall: Manage Windows Firewall rules
  • Installed Apps: Add/remove programs
  • Networking: Network adapter and IP configuration
  • PowerShell: In-browser PowerShell console
  • Processes: Task Manager equivalent
  • Registry: Registry Editor in the browser
  • Roles & Features: Install/remove server roles
  • Scheduled Tasks: Task Scheduler management
  • Services: Start/stop/configure services
  • Storage: Disk and volume management
  • Updates: Windows Update management
  • Virtual Machines: Hyper-V management

Install Extensions

# WAC extensions add functionality:
# In WAC UI: Settings > Extensions > Available Extensions

# Popular extensions:
# - Active Directory — manage AD users, groups, OUs
# - DNS — manage DNS zones and records
# - DHCP — manage DHCP scopes and leases
# - GPU Management — monitor GPU usage
# - Security — security configuration analyzer
# - Containers — Docker container management

# Install extensions via PowerShell (API)
# Extensions are managed through the WAC web UI

Automate WAC with PowerShell

# WAC exposes REST APIs for automation
$wacUrl = "https://wac-server.example.com"
$cred = Get-Credential

# Get managed server list
# (-Credential and -UseDefaultCredentials are mutually exclusive; use one of them)
$servers = Invoke-RestMethod -Uri "$wacUrl/api/connections" `
    -Credential $cred

# Add a new server connection
$body = @{
    id = "msft.sme.connection-type.server!server1.example.com"
    name = "server1.example.com"
    type = "msft.sme.connection-type.server"
} | ConvertTo-Json

Invoke-RestMethod -Uri "$wacUrl/api/connections" `
    -Method Post -Body $body -ContentType "application/json" `
    -Credential $cred

SSL Certificate Configuration

# Replace the self-signed certificate with a proper one
# 1. Import your certificate
# Prompt for the PFX password instead of storing it in the script
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
$cert = Import-PfxCertificate -FilePath "C:\certs\wac.pfx" `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -Password $pfxPassword

# 2. Bind the certificate to WAC port
netsh http delete sslcert ipport=0.0.0.0:443
netsh http add sslcert ipport=0.0.0.0:443 `
    certhash=$($cert.Thumbprint) `
    appid='{00000000-0000-0000-0000-000000000000}' `
    certstorename=My

# 3. Restart WAC service
Restart-Service ServerManagementGateway
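
After rebinding, it is worth confirming that the certificate actually bound to port 443 has a private key, is not close to expiry, and passes SSL validation for the name administrators use. The following is an added example, not part of the original article. The function names are illustrative, the host name is the one used earlier in this guide, and parsing of the netsh output assumes an English-language system.

```powershell
# Added example: validate the certificate currently bound to the WAC port.
# Run elevated on the WAC server.

function Get-BoundThumbprint {
    param([string]$IpPort = '0.0.0.0:443')
    # Assumes English netsh output ("Certificate Hash : <40 hex chars>")
    $match = netsh http show sslcert ipport=$IpPort |
        Select-String 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})' |
        Select-Object -First 1
    if ($match) { $match.Matches[0].Groups[1].Value.ToUpper() }
}

function Test-WacCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$HostName,
        [int]$MinDaysValid = 30
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $days = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    # Test-Certificate builds the chain and applies the SSL policy for the given DNS name
    $sslOk = [bool](Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        DaysRemaining = $days
        SslPolicyOk   = $sslOk
        Healthy       = $cert.HasPrivateKey -and ($days -ge $MinDaysValid) -and $sslOk
    }
}

$bound = Get-BoundThumbprint
if (-not $bound) {
    Write-Warning "No SSL binding found on 0.0.0.0:443"
} else {
    Test-WacCertificate -Thumbprint $bound -HostName 'wac-server.example.com' | Format-List
}
```

A self-signed certificate reports SslPolicyOk as False unless its issuer is trusted on the machine running the check.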

Best Practices

  • Install WAC on a dedicated management server — not on the servers you're managing
  • Use a proper SSL certificate — self-signed certs cause browser warnings
  • Restrict network access to WAC using firewall rules — it provides full server control
  • Use Azure AD authentication for multi-factor authentication on WAC
  • Install extensions for AD, DNS, and DHCP management from the browser
  • Keep WAC updated — new versions add features and security fixes
  • Use WAC for Server Core management — it provides the GUI experience for headless servers
