On the Users tab, you can control who can access Windows Admin Center as a gateway user. If you have an Active Directory domain, you can manage gateway user and administrator access from within the Windows Admin Center interface. Active Directory or local machine groupsīy default, Active Directory or local machine groups are used to control gateway access.
This is because most Windows Admin Center tools require administrative permissions to use. To manage a target server, the connecting user must use credentials (either through their passed-through Windows credential or through credentials provided in the Windows Admin Center session using the Manage as action) that have administrative access to that target server. This group is especially useful for installations of Windows Admin Center in desktop mode, where only the user account that installed Windows Admin Center is given these permissions by default.Īccess to the gateway doesn't imply access to managed servers visible by the gateway. Windows Admin Center CredSSP Administrators are registered with the Windows Admin Center CredSSP endpoint and have permissions to perform predefined CredSSP operations. There is also an additional role specific to the management of CredSSP: Local administrators on the gateway machine are always administrators of the Windows Admin Center gateway service. Only gateway administrators can view and configure the Access settings in Windows Admin Center. Gateway administrators can configure who gets access as well as how users authenticate to the gateway. Gateway users can connect to the Windows Admin Center gateway service to manage servers through that gateway, but they can't change access permissions nor the authentication mechanism used to authenticate to the gateway. There are two roles for access to the Windows Admin Center gateway service: Group based access in Windows Admin Center is not supported in workgroup environments or across non-trusted domains.
0 kommentar(er)
