stackoom
  简体   繁体   中英

Securing JEA (Just Enough Administration)

 原文  2021-01-25 18:38:06       powershell/ windows-server-2016

Question

I have recently deployed a JEA endpoint on a few Domain Controllers for a user (Domain User, non privileged). The user had to be added to "Remote Management Users" AD group in order to have the ability to Powershell into a these DCs. It occurred to me that outside of the provided, confined endpoint, the user can create sessions to default Powershell endpoint which has access to everything.

Following the great article , I would have to add the user under the permissions of the default windows.powershell endpoint which isn't a straight forward process.

What would be the sensible way to confine the given user to just the one particular endpoint?

Many thanks,

0 answers

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Just Enough Administration - Command returning 'Priviledge not held.' JEA Invoke Command Issue Powershell JEA Security hole with commands embedded in functions? PowerShell 5 remoting - JEA with RunAsCredential and Select-Object -Unique MDT Module Updating Media through JEA Endpoint fails adding BCD entry Securing passwords in PowerShell scripts command line/Powershell administration of networks behind NAT PowerShell change printer configuration from Administration tab Remote Administration of Local Permissions and Local Users/Groups Securing Credentials properly in DSC using Azure Automation
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM