Windows Admin Center on Server 2019- Enableing RBAC on WAC

RAWAT Virender OBS/OCB 67 Reputation points
2022-09-01T12:28:13.12+00:00

Hi Team,

Can I enable RBAC to use Windows Admin Center?
Like,
I have created 3 Groups of people.

  1. Administrator >>> full Access to WAC environment.
  2. System Administrator >> they Can create VM, shutdown, reset VM
  3. Help Desk >> They Can only View WAC but are not able to perform any Activity on WAC.

is this possible ? if yes so please suggest the steps.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,081 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. JimmySalian-2011 41,916 Reputation points
    2022-09-01T12:35:30.47+00:00

    Hi,

    Yes it is possible, please follow the article and at this moment you cannot create or use custom roles as per the requirement but the basic RBAC model is available:

    user-access-options

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  2. RAWAT Virender OBS/OCB 67 Reputation points
    2022-09-02T11:08:35.127+00:00

    Thanks, Jimmy,
    my issue is still not resolved yet..
    let me share what steps I followed here.
    I have created user and AD Group
    AD Group >> WACHelpdesk
    User Name >> WAChelp

    I have added the above AD Group to windows Admin center > Settings > Access>> add Gateway user.

    Not, I am able to connect with WAC with the helpdesk user but not able to add any server or Cluster here.

    its says, ErrorYour credentials didn’t work—try again..

    0 comments No comments

  3. JimmySalian-2011 41,916 Reputation points
    2022-09-02T11:16:29.533+00:00

    Hi,

    You need to enable the JIT access on the servers you will be managing, just follow the steps and script if you have multiple servers to enable JIT and access to manage the servers.

    237226-image.png

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  4. RAWAT Virender OBS/OCB 67 Reputation points
    2022-09-05T08:01:42.27+00:00

    Hi Team,

    still issue is there!! let me explain my steps

    1. I am testing over HCI plateform. i have created 3 nodes cluster and enabled Role Based Access control on each Nodes.

    =====================================================

    Role-based access control
    Role-based access control:Applied
    You can help increase security by using role-based access control (RBAC) to grant users just enough administration ability in Windows Admin Center, without making them administrators on the computer. You can assign users to one of the following roles:
    Windows Admin Center Administrators
    Allows users to view and manage most tools.
    Windows Admin Center Hyper-V-Administrators
    Allows users to manage Hyper-V virtual machines and switches. Other tools are available in read-only mode.
    Windows Admin Center Readers
    Allows users to view most tools, but doesn't allow them to make any changes.

    =========================================================

    I have created 2 user and added that user to "windows Admin Center Readers" Group (Lusrmgr.msc).

    Now when i login with that user and trying to access Cluster so it looks login but getting error and its keep loading..

    Error: RemoteException: The term 'New-CimSession' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    0 comments No comments