back to article Windows Admin Center: Vulture gets claws on browser-based server admin

Microsoft has released Windows Admin Center (formerly known as Project Honolulu) to general availability. Windows Admin Center is a browser application for managing servers and computers on a Windows network. What’s the point? Under the covers, Windows Admin Center uses Remote Powershell and WMI (Windows Management Interface …

Page:

  1. Blockchain commentard

    Tried installing it on a 2016 server and it wouldn't let me because the server was a domain controller. So single server setups will need to be run from a PC.

    1. Anonymous Coward
      Anonymous Coward

      DC

      What? You tried to install something on a domain controller? You fool! Everyone knows you never install *anything* on a DC. Except for the handful of things that MUST be installed on a DC in order to not cause massive headaches later on.

      Now, if we can just figure out what that list is of what "really should" and what "really shouldn't" go on a DC, then we're golden.

      Here's my first crack at it:

      Really should:

      AD?

      DNS?

      Really shouldn't:

      file serving

      general purpose apps

      print serving

      Remote access/VPN

      IIS?

      Management consoles (AV, etc)

      At least AD boxes can be spun up on VMs now. The days of a dedicated pizza boxes sitting there essentially doing nothing are past. Looked fancy: "oh, those are our Active Directory Servers!" but cringeworthy at the waste of rackspace for what the boxes actually had to do.

      1. Gerhard Mack

        Re: DC

        It all sounds like a way for MS to sell more licenses.

        1. Bronek Kozicki

          Re: DC

          Well, AD servers own your "keys to the kingdom". It only makes sense to be careful how much of a potential exposure there is to such a machine.

        2. TheVogon

          Re: DC

          "It all sounds like a way for MS to sell more licenses."

          Considering most people will be running this as a VM on a host that's already licensed via datacentre server, and the product itself is free, no it doesnt!

          1. Anonymous Coward
            Anonymous Coward

            Re: DC

            "It's not an easy decision, anyway, who should override who and when. Again, there were situations when pilots taking control would have been the right decision, and others when leaving the autopilot control the plane would have been the right one."

            'Most' might, but that sucks for the SMB market where we really need "a server" but reality of the MS world is we need:

            two independent ADs

            File serving

            VPN

            DB server

            General admin box (AV server, UPS control panel, WSUS, CA, DNS)

            That's not enough to justify datacenter server. MS used to offer SBS, but that was a nightmare if you ever outgrew one box. No, I'm not going to Azure. Instead we're balancing the correct number of MS licenses to have, and are continually pursuing options to use less of them.

    2. J27

      I think Microsoft assumes that all of it's customers have at least 250 employees.

  2. Anonymous Coward
    Anonymous Coward

    "you open up a browser (must be Chrome or Edge)"

    Great. Another tool that will depend on the version of the browser you're using, and may not work in the future is some features it's using will be desupported and removed - and it looks even "web applications" are no longer "write once, run everywhere" if you can't use any browser.

    So please, give me back native UI applications which are far easier and faster to use, and have far better backward compatibility, it looks.

    1. Anonymous Coward
      Anonymous Coward

      Re: "you open up a browser (must be Chrome or Edge)"

      Don't worry, this is MS. A some point it won't work with Edge. I've lost count of number of MS sites / applications that don't support their own browsers properly.

    2. chivo243 Silver badge

      Re: "you open up a browser (must be Chrome or Edge)"

      If you want full features, EDGE? No effin way!! I was kind of excited with the announcement of this option, but I'm not getting the warm and fuzzy feeling I was looking forward to... Thanks for finding the pain points El Reg!

      As there are two paths, I will give the 2016 server path a try. Oh, wait, I will have to spin one of those up too!

      1. Professor Clifton Shallot

        Re: "you open up a browser (must be Chrome or Edge)"

        >As there are two paths, I will give the 2016 server path a try.

        >Oh, wait, I will have to spin one of those up too!

        It will run on W2K12 with WMF 5.1.

      2. Anonymous Coward
        Anonymous Coward

        Re: "you open up a browser (must be Chrome or Edge)"

        I wonder what is blocking it on FF.

        On a side note that 3 year-old Chrome issue regarding NTLM/WS is absurd.

        1. kain preacher

          Re: "you open up a browser (must be Chrome or Edge)"

          Not sure if it's blocking FF. I'm running into sties that work correctly on every thing but FF.

    3. Ken Moorhouse Silver badge

      Re: is some features it's using will be desupported and removed

      I've had a spate of instances recently where people are unable to login to their [Microsoft hosted] data. Reason being is that MS changed their minimum password requirements without informing the customer ahead of the change. Whatever happened to the checkbox "Enforce password change at next login"? Nope, these situations involve going right through the entire gnashing of teeth process of "tell us examples of email addresses in your address book", "think of subjects that you've written to others about", "previous passwords", "date of birth", etc etc.

      The great saviour in many cases is the fact that you've also got a device logged into the same account where you can read off some of those answers, but FFS don't logout of that device otherwise you may need to really remember these things.

      Typical example of not thinking things through from concept to roll-out.

  3. bombastic bob Silver badge
    Meh

    Great. Webmin for windows

    title says it

    1. random_username

      Re: Great. Webmin for windows

      20 years late

      1. teknopaul

        Re: Great. Webmin for windows

        "Microsoft’s continuing efforts to promote remote server administration rather than the old-school approach of logging on to a GUI desktop to see what is wrong."

        Microsoft's continuing failure to provide a half decent cli interface.

        If they did you would be able to admin the server on the same cli you used to admin the tools you have running on it.

        Instead you need one gui from microsoft one from each tool vendors both need to implement some api and a third tool for automation. Cli as an after thought.

        Guis for thing you should be automating are a virus.

        Two cli interfaces. Powershell and normal. Is equally painful. You need three (bash) on windows for any sane scripting env.

        Its going to take a few more years of Nadellas effort to shake off the shackles of Windows at Microsoft .

        1. Anonymous Coward
          Anonymous Coward

          Re: Great. Webmin for windows

          What on earth are you talking about? PowerShell provides full .Net access, fully supports OO, object pipleining, async/multi-threading, remoting, SSH remoting, DSC etc. and that is just on Windows, then there's Linux port in v 6, it's fully open source, is both a programming language / environment and a CLI.

          You obviously know nothing about PowerShell, or Windows for that matter, but why let your ignorance get in the way of some Windows bashing eh? Seriously this lazy and arbitrary MS bashing is juvenile and so very boring. If you have a valid issue then fine, but to say that about PowerShell demonstrates you don't have a bloody clue. And I am not an MS fanboi by the way - Linux is by far my favourite OS for work and home.

          I would honestly like to hear what you believe the limitations are - why is PS not half decent or a 'sane' scripting environment? Please share your wisdom with us, I'm eager to learn.

          BTW - For anyone with any idea about what they are doing "Logging on to a GUI desktop to see what is wrong" has not been the preferred way to support Windows servers for a long long time.

        2. TheVogon

          Re: Great. Webmin for windows

          "Microsoft's continuing failure to provide a half decent cli interface."

          Powershell is one of the best CLIs in existence, and far exceed the capabilities of say Bash which most of the *nix world seems to find adequate.

          "If they did you would be able to admin the server on the same cli you used to admin the tools you have running on it."

          Like PowerShell remoting you mean? Or Powershell webaccess ?

        3. FuzzyWuzzys

          Re: Great. Webmin for windows

          You are a complete bellend teknopaul, pretty obvious you've not even opened a PS prompt let alone coded anything in PS.

          I've done 30 years of Unix coding and shell scripting and finding Powershell on Windows was such a breath of fresh air. PS is a superb scripting language, especially the remoting and the hooks into .Net libraries, it's a superb way to jump around an MS network gathering data and stats. Powershell is one of the best things MS have made and other than by hardcore MS admins and Unix admins taking over MS admin work, it's probably one of the least appreciated tools in the MS server toolboox.

          1. Anonymous Coward
            Anonymous Coward

            Re: Great. Webmin for windows

            >>> You are a complete bellend teknopaul, pretty obvious you've not even opened a PS prompt let alone coded anything in PS. I've done 30 years of Unix coding and shell scripting and finding Powershell on Windows was such a breath of fresh air.

            Lol, so you used unix for 30 years, and just as windows and microsoft are finally dying you move to windows / powershell????

            You're the bellend mate. That cheesy small is your career.

          2. bombastic bob Silver badge
            Unhappy

            Re: Great. Webmin for windows

            "I've done 30 years of Unix coding and shell scripting and finding Powershell on Windows was such a breath of fresh air"

            I would've used different words to describe Power[s]hell, with terms like "odious" and "stench".

            And back in the Win 3.x days, I had written a really nice command line interpreter with some of its own enhancements. But after working with POSIX utilties for a while, and being HORRIFIED at the eldritch abomination known as ".Not", I can easily embrace the concept of MANY utilities that "do one thing, well" as opposed to a MONOLITHIC "shell" based on a bass-ackwards "wow, it has OBJECTS now" so-called object-oriented [read: bloated, slow, and inefficient] layer of accessing the otherwise REASONABLE Win32 API.

            I mean, come on, Micro-shaft, wouldn't it be BETTER to just support piping more intelligently, and have a whole array of useful utilities to do 'cool things', rather than CRAM THEM ALL INTO THE SHELL with its 'way too much' approach? Well, you DID create ".Not", so I guess it was the next step in de-evolution...

      2. Ken Hagan Gold badge

        Re: Great. Webmin for windows

        "20 years late"

        Well, MMC was introduced about 20 years ago and gives you an extensible framework for writing server management gizmos. It isn't web-based, since it was introduced about 20 years ago, but that does mean that its communications paths are reliable and securable. It's the non-GUI interface where MS has historically been weak and, as others have already noted, they have largely addressed that in recent years with powershell thingies.

        To what extent is this new offering merely a case of re-arranging the controls and using a new-fangled (and, based on the browser woes, not quite ready for prime time yet) transport layer?

        1. J. Cook Silver badge
          Joke

          Re: Great. Webmin for windows

          " It isn't web-based, since it was introduced about 20 years ago, but that does mean that its communications paths are reliable and securable."

          ...Except where an IE rendering bug with the Exchange 2010 Snap-in caused the MMC to branch to NULL and hang, forcing you to pop open task mangler and gun the process.

          Otherwise, it sure is nice n stable. :)

  4. Anonymous South African Coward Bronze badge

    And how long before serious vulnerabilities are waxing lyrically?

    1. bombastic bob Silver badge
      Trollface

      "And how long before serious vulnerabilities are waxing lyrically?"

      I'm sure they ALREADY ARE!

  5. Anonymous Coward
    Devil

    You're lucky...

    It doesn't need Flash or a certain version of Java...

    1. Franco

      Re: You're lucky...

      Surely it would be Silverlight? ;-)

  6. Anonymous Coward
    Anonymous Coward

    All this to avoid installing ssh and usable command line tools

    You know, the way *nix has been administered for decades (ok, used to be via telnet or rsh but same thing) and still is.

    What a lot of effort MS goes to to re-invent a wheel that always seem to have a puncture in the end though admittedly it comes in pretty colours and plays tunes as you wait for the breakdown guy.

    1. Anonymous Coward
      Anonymous Coward

      Re: All this to avoid installing ssh and usable command line tools

      You forgot to mention all that lovely 'white space' that MS just loves to put into its forms. Fine if you are using a 4K screen rotated 90deg but for us mere mortals/plebs/suckers we will have to make do with our crappy 1366x768 laptops. Mine is an ancient HP one and is 5years old. Replacement? Three years away at the earliest.

      all that lovely scrolling really does hit your productivity especially if the bit of the page off screen gets updated with a status message.

      Don't you just love MS... not.

      roll on March 2020 and retirement. Then I can leave the increasing amounts of stupidity coming out of redmond behind once and for all.

    2. Anonymous Coward
      Anonymous Coward

      @boltar

      Well, in this case I can argue that it was actually effort put to some serious good use. I'll even go further and on the record by saying that I think Microsoft has actually done something right: looked carefully at the way Unix does this and adopted the model, which I actually applaud.

      Or have you missed the fact that all of this is build upon Windows PowerShell? In precise: PowerShell remote? What SSH is to my FreeBSD server is PowerShell ('remoting') to a Windows server. And I say so because I use both every day.

      I use PuTTY to log onto my FreeBSD server over SSH and I use PowerShell to log into my Windows server to check up on specific aspects but remotely (usually I don't even have to log on, for example: Get-EventLog -ComputerName Effortless -LogName application -Newest 16).

      So the main difference is that instead of having to type get-eventlog you can now use a browser based GUI.

      MS does a lot of things wrong but in this case I think they at least got the basis right.

    3. Anonymous Coward
      Anonymous Coward

      Re: All this to avoid installing ssh and usable command line tools

      SSH is not different from remote desktop - just you don't have a GUI but a character shell only on the remote machine.

      Proper remoting is actually a different thing - you have a GUI or shell locally, and commands invoke a remote API to perform tasks.

      The difference is that with a shell you have far broader access. With proper remoting, you can restrict more easily what someone can do on a remote machine. Just, proper remoting requires more effort to implement than a simple shell.

      1. Anonymous Coward
        Anonymous Coward

        Re: All this to avoid installing ssh and usable command line tools

        "The difference is that with a shell you have far broader access. With proper remoting, you can restrict more easily what someone can do on a remote machine. Just, proper remoting requires more effort to implement than a simple shell."

        Wtf are you talking about?

        I have no idea how windows implements its shell permissions but apparently it seems you need to go learn about unix's user, group and world read/write/execute permissions. Welcome to 1970.

        (And thats the basic stuff, there's also access control lists, chroot jails, containers and the bells and whitsles of SE Linux).

        1. TheVogon

          Re: All this to avoid installing ssh and usable command line tools

          "I have no idea how windows implements its shell permissions but apparently it seems you need to go learn about unix's user, group and world read/write/execute permissions. Welcome to 1970."

          Bing "Just Enough Administration" and then you will understand the difference. Windows has rather more granular options.

          1. Anonymous Coward
            Anonymous Coward

            Re: All this to avoid installing ssh and usable command line tools

            "Bing "Just Enough Administration" and then you will understand the difference. Windows has rather more granular options."

            I googled (sorry, don't like bing) and no it doesn't. I suggest you google the "unix restricted shell".

    4. bombastic bob Silver badge
      Facepalm

      Re: All this to avoid installing ssh and usable command line tools

      "What a lot of effort MS goes to to re-invent a wheel" (etc.)

      yeah, they've had the 'command.com' square tires since MS-DOS days, and didn't want to shift over to something like csh or bash (an obviously superior, yet similar-enough way of doing command shells).

      ".Not" is a symptom of a paradigm that is ANTI-PRODUCTIVE, unnecessarily "detail-complex", monolithic, bloated, vogon-bureaucratic, inefficient, and BASS-ACKWARDS. And PowerHell is NOT helping by effectively "wrapping" it like a boar in a naughty nightie (and lipstick not even on the oinky end].

      Give me something like bash, ps, awk, kill, grep, sed, and top, along with stdin/stdout piping THAT ACTUALLY WORKS, and it's a fair bet that I can admin your system without spending hours and hours trying to figure out the details and the nuances of PowerHell and bass-ackwards BLOAT like ".Not".

      You know, like, maybe, CYGWIN???

      (if, that is, CYGWIN could manage some of the windowsie nuances that seems to fight against it, things like permissions on files, for example... but Micro-shaft COULD fix this. They just DON'T.)

  7. Wade Burchette

    Bad bad idea

    Several years ago, I installed Exchange 2013 on a test server. This version of Exchange only has a web console. On a new install of Server 2012 R2, I added the Essentials role. I then followed the install instructions from Microsoft to the letter. Exchange installed without issue, but nowhere did Microsoft tell me or anyone that the Essentials role was incompatible with Exchange.

    So installed Server 2012 R2 fresh and tried again, again following Microsoft's instructions to the letter. Exchange installed and this time the web console actually came up. But it only told me "something went wrong". The Exchange powershell program didn't work either.

    So now the third time. But this time I bought a book, which included steps Microsoft did not. Fresh install of Server 2012 R2 again, followed the book's instructions to the letter, and SUCCESS! Finally, everything worked. So I set up several users and tested everything I needed at the time. 2 months later I go back to the web console ... "something went wrong". I did nothing on the test server except install Windows updates. Nothing else. Literally, nothing else. The Exchange powershell still worked, so I could manage users that way and everything else still worked. (A year and a half later, everything for this Exchange stopped working: calendar, email, powershell, everything. And this despite me not doing a thing.)

    The point is, this is Microsoft. A web admin console will never be released in a working state. The first few times you use it, it may work. But can you guarantee it won't stop working even though you did nothing to affect it? I have a QNap NAS. That web admin console just works. Microsoft has some brilliant programmers who are hamstrung by idiot managers chasing fads. Idiot managers do not care about something working, they care about a new shiny. A new admin console is shiny, once it works for their limited testing, it will be a low priority to make sure it stays working for everyone because the programmers who designed it will be moved to a new shiny. As my experience with Exchange 2013 shows, this is a very bad idea all around.

  8. Anonymous Coward
    Anonymous Coward

    Sorry, this still isn't going to make me install core version.

    GUI forever!

  9. oiseau
    Facepalm

    Two problems

    ... promises to be a coherent central point of management for organisations too small to run System Center, Microsoft’s suite of enterprise administration tools.

    As this is MS we're talking about, I see two problems right at the start of the piece:

    - promises

    - coherent

    No one else noticed?

    Tsk, tsk.

    1. Anonymous Coward
      Anonymous Coward

      Re: Two problems

      There is a possible third problem

      MS seems to love charging you to access your clients. I wonder how much the CALS will cost you?

      If it is free then MS will have to jack up some other prices to compensate for this (in their estimate) huge loss of income.

      In a previous role, I had many a battle with MS over licensing especially how many CALS were needed.

      According to them we needed one for every PC on the network even though 95% of them were subnetted off from the servers and could not access the server yet we were supposed to pay for something that could never happen. Typical MS. Leopard, spots and all that.

  10. johnnyblaze

    They should have called it 'Windows Administration Network Center' - WANC for short.

    1. Fungus Bob

      'Windows Administration Network Kiosk, Edge Required"

  11. steviebuk Silver badge

    Maybe...

    ..I'm just getting old but why can't they just leave things alone. I don't want yet another fing app I have to learn.

    1. bombastic bob Silver badge
      FAIL

      Re: Maybe...

      " I don't want yet another fing app I have to learn."

      ack. How about "yet another F'ing":

      a) API

      b) user interface

      c) subsystem

      d) method for administration

      e) command line interpreter

      f) license license license

      g) EULA EULA EULA

      Micro-shaft: getting things horribly wrong throughout the 21st century.

      (note: I liked Microsoft things up until Ballmer's ".Not" initiative, around 2003, as XP was releasing. I didn't mind XP. But I _DESPISE_ ".Not", C-pound, and all of their 'new, shiny' since then [though windows 7 is 'ok']. If they'd stuck with the UI of Windows 2000, with its efficient performance even on a Pentium I machine, or even XP, I'd be VERY happy).

    2. Anonymous Coward
      Anonymous Coward

      Re: Maybe...

      "Maybe...

      ..I'm just getting old but why can't they just leave things alone. I don't want yet another fing app I have to learn."

      You don't have to. All the other tools are still there if you want to keep using them. This just gives you another option if you choose to use it.

  12. Anonymous Coward
    Linux

    From the desk of /dev/null

    Can't install on Linux. Epic fail.

  13. SVV

    Nice to find out all the crap I'll be missing out on

    One and only Windows server ditched over 8 years ago : what a happy decision that truly has turned out to be. I'm sure the eager upgraders are looking forward to what this article shows will be the usual dog's breakfast of clunky admin tools chockablock with issues and restrictions that only run in an MS Browser under proprietory MS protocols on the hyper stable and totally bug free very latest version of Windows 10 . It's 2018 and we find out it's still impossible on Windows to copy and paste between a remote desktop and a local one. I had to speed read over the section detailing the restrictions on trying to successfully use Active Directory on Azure with this product as I don't want to bend my mind into waking up from horrific nightmares about such things any more.

  14. IGnatius T Foobar

    Slowly...

    It's a browser based application that does the equivalent of managing a Unix machine over an SSH connection. Slowly but surely, like every other operating system, Windows is turning into Unix. They all do eventually.

    1. TheVogon

      Re: Slowly...

      "The equivalent of managing a Unix machine over an SSH connection."

      That would be more Powershell webaccess which has existed for ages.

      "Slowly but surely, like every other operating system, Windows is turning into Unix."

      It doesnt need to - you can run run Linux code under Winxows. And many things in windows are like *nix inprinciple, but done better. For instance a more powerfuk advanced and secure shell, more granular ACLs and security model including auditing. A proper configuration database instead of text files. Constrained delegation, Discretionary Access Control and Just Enough Administration type features by default, etc.

      The advantage Microsoft have of course is with hindsight that they can rip off the principles of *nix features but do it better.

      1. Paul Hovnanian Silver badge

        Re: Slowly...

        "a more powerfuk"

        Freud called. Your slip is showing.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like