Windows Admin Center: how to limit https access?

TRÖSTER Joachim 6 Reputation points
2021-11-05T08:38:12.41+00:00

I have installed Windows Admin Center on a 2019 server.
My problem: everyone can access it on https!!
There is nor firewall rule, there is no IIS. Even normal domain user can login (of course they cant connect to any server from there).

So how can I limit who can even logon? Normal I would utilize Windows Firewall or even IIS, but there are no firewall rules nor do I find an IIS.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,913 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. Clément BETACORNE 2,031 Reputation points
    2021-11-08T10:14:05.283+00:00

    Hello,

    Did you try to configure the access via Active Directory groups ?
    Below you have an article regarding how you can use this to restrict access :
    https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/user-access-control#active-directory-or-local-machine-groups

    Best Regards,


  2. TRÖSTER Joachim 6 Reputation points
    2021-11-08T11:45:48.65+00:00

    The problem is, that in "Gateway Access" under "Allowed groups" I cant add any groups. The "Add" button is missing.

    0 comments No comments

  3. Clément BETACORNE 2,031 Reputation points
    2021-11-08T14:12:58.427+00:00

    Ok, did you enable the RBAC on your gateway ?
    It's located under your gateway on the Settings part (Where you have File shares, environment variables, etc...)
    After that you will be able to manage the access via the new roles :

    • Windows Admin Center Administrators
    • Windows Admin Center CredSSP Administrators
    • Windows Admin Center Hyper-V Administrators
    • Windows Admin Center Readers

    Because these are local groups you should use GPOs to configure it

    Regards,

    0 comments No comments

  4. TRÖSTER Joachim 6 Reputation points
    2021-11-08T14:52:29.197+00:00

    I understood I need the RBAC only to access the servers, not the gateway?
    I only need to limit the https access to the gateway.

    0 comments No comments

  5. Clément BETACORNE 2,031 Reputation points
    2021-11-08T15:32:50.11+00:00

    Yes the RBAC role will be to access the servers but you can also configure it for your gateway because your gateway can also be a server :)
    Maybe you try to limit the access via the Firewall rule "SmeInboundOpenException"


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.