Yes the RBAC role will be to access the servers but you can also configure it for your gateway because your gateway can also be a server :)
Maybe you try to limit the access via the Firewall rule "SmeInboundOpenException"
Windows Admin Center: how to limit https access?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 5%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
TRÖSTER Joachim
6
Reputation points
I have installed Windows Admin Center on a 2019 server.
My problem: everyone can access it on https!!
There is nor firewall rule, there is no IIS. Even normal domain user can login (of course they cant connect to any server from there).
So how can I limit who can even logon? Normal I would utilize Windows Firewall or even IIS, but there are no firewall rules nor do I find an IIS.
Windows for business | Windows Server | User experience | Other
6 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 79%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Clément BETACORNE 2,501 Reputation points2021-11-08T15:32:50.11+00:00 -
TRÖSTER Joachim 6 Reputation points
2021-11-10T08:45:50.833+00:00 "Yes the RBAC role will be to access the servers but you can also configure it for your gateway because your gateway can also be a server :)" -> but the RBAC roles limit access to other ports than https?? I only need to limit the https access to the gateway. Why does MS make this so hard?
There is no "SmeInboundOpenException" in the inbound rules. For testing i blocked port 443 in the windows firewall completely - i can still connect to WAC from my workstation. It's not honoring the Windows firewall!?
Sign in to comment -
-
TRÖSTER Joachim 6 Reputation points
2021-11-08T14:52:29.197+00:00 I understood I need the RBAC only to access the servers, not the gateway?
I only need to limit the https access to the gateway. -
Clément BETACORNE 2,501 Reputation points
2021-11-08T14:12:58.427+00:00 Ok, did you enable the RBAC on your gateway ?
It's located under your gateway on the Settings part (Where you have File shares, environment variables, etc...)
After that you will be able to manage the access via the new roles :- Windows Admin Center Administrators
- Windows Admin Center CredSSP Administrators
- Windows Admin Center Hyper-V Administrators
- Windows Admin Center Readers
Because these are local groups you should use GPOs to configure it
Regards,
-
TRÖSTER Joachim 6 Reputation points
2021-11-08T11:45:48.65+00:00 The problem is, that in "Gateway Access" under "Allowed groups" I cant add any groups. The "Add" button is missing.
-
Clément BETACORNE 2,501 Reputation points
2021-11-08T10:14:05.283+00:00 Hello,
Did you try to configure the access via Active Directory groups ?
Below you have an article regarding how you can use this to restrict access :
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/user-access-control#active-directory-or-local-machine-groupsBest Regards,
-
TRÖSTER Joachim 6 Reputation points
2021-11-08T10:22:54.927+00:00 The article tells me: "On the Users tab you can control who can access Windows Admin Center as a gateway user."
Well, on settings -> "user" I only can configure my user.
On "Gateway" -> "access" I can only configure Azure AD. The "Allowed groups" is empty and nothing I can do there.
Sign in to comment -