J j-j-jea power

•Download as PPTX, PDF•

0 likes•206 views

James Honeycutt

PowerShell Jea Presentation given at BSidesCharm 2019

Technology

About Me
• 23Years Military Service
• 19Years Windows Environment
• SANs Mentor (GCIH/SEC504, GCWN/SEC505)
• Self taught PowerShell
• Passion for PowerShell
Twitter: @jay_Honeycutt
LinkedIn: james-honeycutt

What is PowerShell JEA
• “Just Enough Administration (JEA) is a security technology that enables delegated
administration for anything that can be managed with PowerShell.” –Microsoft
• “Just like keys on a key chain” – Jeffery Snover
• “Really cool way to empower my users and fellow admins” – James Honeycutt
• Allows common users to perform admin functions (when properly configured)
• Not a project, it is an ongoing task

Requirements
• Client
Win 10 1511 or higher
Win 8, 8.1
Win 7
• Server
2016
2012, 2012r2
2008r2
• WMF 5 (Windows Management Framework)
• PowerShell Remoting

How ItWorks
• User/Admin uses PowerShell remoting to access remote server using the Session
configuration file and using “Runas”
• A virtual Admin account is created and used duringTHIS SESSION ONLY
• The virtual admin technically has access to all command lets, but only shows the
user what they are entitled to, based on the Role Capabilities File
• User does what they need to, exits remote pssession, andVirtual Account is
deleted.

$Role Capabilities File • Controls what Commandlets, Modules, Functions, and Parameters are allowed • New-PSRoleCapabilityFile -Path .MyFirstJEARole.psrc • VisibleCmdlets = • @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name';ValidateSet = 'Dns', 'Spooler' }}, • @{ Name = 'Start-Website'; Parameters = @{ Name = 'Name';ValidatePattern = 'HR_*' }} • VisibleExternalCommands = 'C:WindowsSystem32whoami.exe', 'C:Program FilesContosoScriptsUpdateITSoftware.ps1'$

Session Configurations
• Controls who can log in and determines what role capability file to use.
• Virtual accounts are created on the fly and are used for the one session only. Will
have local rights on endpoint and member servers or domain admin rights on DC
• SpecifiedVirtual accounts can be specified, but must be in the appropriate local
group. Group Managed Service Accounts can be used if the user needs network
resources. (Harder to trace back to a specific user)

$Session Configuration File • New-PSSessionConfigurationFile -SessionType RestrictedRemoteServer -Path .MyJEAEndpoint.pssc • RunAsVirtualAccount = $true • TranscriptDirectory = 'C:ProgramDataJEAConfigurationTranscripts’ • RoleDefinitions = @{ • 'CONTOSOJEA_DNS_ADMINS' = @{ RoleCapabilities = 'DnsAdmin', 'DnsOperator', 'DnsAuditor’ } • 'CONTOSOJEA_DNS_OPERATORS' = @{ RoleCapabilities = 'DnsOperator', 'DnsAuditor’ } • 'CONTOSOJEA_DNS_AUDITORS' = @{ RoleCapabilities = 'DnsAuditor' } • }$

How It AllWorksTogether
Enter-Pssession –name <SVR> –endpoint <SessionConfig>
Roles
Cap. File

What Next
• Implementing is not a project, it is an ongoing task
• It empowers your users and fellow admins
•It makes them feel like………

References & Further Reading
• https://docs.microsoft.com/en-us/powershell/jea/overview
• https://docs.microsoft.com/en-us/powershell/jea/role-capabilities
• https://docs.microsoft.com/en-us/powershell/jea/session-configurations
• SANs SEC505:Windows Security and PowerShell Automation
• https://www.youtube.com/watch?v=zftC6eDzRJY&t=1025s
• https://www.youtube.com/watch?v=f_Dd5fRXixY
Twitter: @jay_Honeycutt
LinkedIn: james-honeycutt

What's hot

Seminar Windows Server 2012 features

Microsoftid

WebLogic JMX for DevOps

Frank Munz

Stories of data breaches caused by stolen or guessed passwords have increased scrutiny around login practices. Multi-factor authentication has become best practice for strengthening login security and is now required by regulations such as the latest PCI Data Security Standard, the New York Department of Financial Services’ Cybersecurity Regulation (23 NYCRR 500) and more. Join us as we discuss how multi-factor authentication can be implemented for IBM i users to strengthen security and meet compliance requirements. During this webinar, you will learn more about: - What true multi-factor authentication really is - Authentication options and tradeoffs - Tips on implementing multi-factor authentication for IBM i

Strengthen Password Security for IBM i With Multi-Factor Authentication

Precisely

Oracle WebLogic Server Basic Concepts

James Bayer

Weblogicserveroverviewtopologyconfigurationadministration 1227546826890714-9

Mohammed Khan

Authentication in microservice systems - fsto 2017

Dejan Glozic

SQL Queries on Smalltalk Objects First Name: James Last Name: Foster Type: Talk Video: https://www.youtube.com/watch?v=56956-yPofs Abstract: Object-oriented programming (OOP) languages are very popular and relational database management systems (RDBMSs) are likewise common, but there is a well-known "impedance mismatch" when they interact. Much work has gone into bridging that gap by allowing objects from an OOP application to be saved in an RDBMS (see GLORP). On the other hand, comparatively little effort has gone into presenting objects from an OOP environment or application directly to RDBMS tools. This functionality would be useful because many RDBMS tools exist that simplify the end-user's exploration of data, but that capability is not available until the data has been stored in the RDBMS. This functionality is one of the most common high-level feature-requests for GemStone/S by those who are evaluating it as a database (“Can I use my familiar query tools?”). In this talk we will discuss a project to create a library that parses SQL queries (using PetitParser) and evaluates Smalltalk code that builds a result sets to be returned to the external tools. Bio: As a junior-high student in 1971, James discovered the local university’s computer center and a life-long obsession with computers began. He was introduced to Smalltalk/V for the Mac in the mid-90s, and became a Smalltalk bigot. James is Director of Operations for GemTalk Systems and is a passionate advocate for GemStone and all things Smalltalk.

SQL Queries on Smalltalk Objects

ESUG

Wally Mead - Upgrading to system center 2012 r2 configuration manager

Nordic Infrastructure Conference

TechMentor 2012: Deploying Windows Server 2012 Server Core

Harold Wong

Microservices and Self-contained System to Scale Agile

Eberhard Wolff

What's hot (10)

Seminar Windows Server 2012 features

WebLogic JMX for DevOps

Strengthen Password Security for IBM i With Multi-Factor Authentication

Oracle WebLogic Server Basic Concepts

Weblogicserveroverviewtopologyconfigurationadministration 1227546826890714-9

Authentication in microservice systems - fsto 2017

SQL Queries on Smalltalk Objects

Wally Mead - Upgrading to system center 2012 r2 configuration manager

TechMentor 2012: Deploying Windows Server 2012 Server Core

Microservices and Self-contained System to Scale Agile

Similar to J j-j-jea power

Windows 2012 R2 Multi Server Management

Sharkrit JOBBO

PowerShell - Be A Cool Blue Kid

Matthew Johnson

Just Enough Administration, also known as JEA, has been around for several years. It has been actively updated by the PowerShell team and you might have experimented with the technology. In this session, I will take you through the process of setting up your first JEA configuration, discuss the pitfalls and common issues. Furthermore, I will show several ways to analyze and secure your configuration.

Building your own JEA Configuration

Jaap Brasser

I hunt sys admins 2.0

Will Schroeder

Service management Dec 11

Richard Conway

Powering up on PowerShell - BSides Greenville 2019

Fernando Tomlinson, CISSP, MBA

Security is more critical than ever with new computing environments in the cloud and expanding access to the internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments. Topics will include general security tools, how to configure those for MongoDB, and security features available in MongoDB such as LDAP, SSL, x.509 and Authentication.

SSecuring Your MongoDB Deployment

MongoDB

Attackers don’t just search for technology vulnerabilities, they take the easiest path and find the human vulnerabilities. Drive by web attacks, targeted spear phishing, and more are commonplace today with the goal of delivering custom malware. In a world where delivering custom advanced malware that handily evades signature and blacklisting approaches, and does not depend on application software vulnerabilities, how do we understand when are environments are compromised? What are the telltale signs that compromise activity has started, and how can we move to arrest a compromise in progress before the attacker laterally moves and reinforces their position? The penetration testing community knows these signs and artifacts of advanced malware presence, and it is up to us to help educate defenders on what to look for.

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

Server 2016 sneak peek

Michael Rüefli

Dakotacon 2017

Blue Teamer

Automating That "Other" OS

Julian Dunn

Ansible: How to Get More Sleep and Require Less Coffee

Sarah Z

Opscode Webinar: Cooking with Chef on Microsoft Windows

Chef Software, Inc.

PowerShellForDBDevelopers

Bryan Cafferky

This session will demonstrate how to create SharePoint 2013 (and 2010) environment in your private cloud on demand. System Center family of product allow you to create SharePoint environments very easily and on demand. In demonstration we will show how to create templates that will be automatically created with System Center Virtual Machine Manager. This is a great feature that you can use for testing and development purposes. In this session will be also covered basics of other System Center products that can help you with provisioning, managing and orchestrating SharePoint environments.

SharePoint on demand with System Center - Matija Blagus

SPC Adriatics

Issac Resume

issac devaraj

This session introduces tools that can help you analyze and troubleshoot performance with SharePoint 2013. This sessions presents tools like perfmon, Fiddler, Visual Round Trip Analyzer, IIS LogParser, Developer Dashboard and of course we create Web and Load Tests in Visual Studio 2013. At the end we also take a look at some of the tips and best practices to improve performance on SharePoint 2013.

SharePoint 2013 Performance Analysis - Robi Vončina

SPC Adriatics

Powering up on power shell avengercon - 2018

Fernando Tomlinson, CISSP, MBA

Lateral Movement - Phreaknik 2016

Xavier Ashe

A session in the DevNet Zone at Cisco Live, Berlin. On Cisco Nexus devices, configuration is performed using command-line interfaces (CLIs) that run only on the device. Configuration Management Tools allow you to automate the network devices configuration in the same way sysadmin have automated the server configuration. These tools include Puppet, Chef and Ansible. We will be introducing the concept of each of them, agent vs agent-less and demoing some use cases. We will also describe some of the technology enablers like NX-API REST that allows you to enable configurations that would require issuing many CLI commands by combining configuration actions in relatively few HTTP/HTTPS operations."

Configuration Management Tools on NX-OS

Cisco DevNet

Similar to J j-j-jea power (20)

Windows 2012 R2 Multi Server Management

PowerShell - Be A Cool Blue Kid

Building your own JEA Configuration

I hunt sys admins 2.0

Service management Dec 11

Powering up on PowerShell - BSides Greenville 2019

SSecuring Your MongoDB Deployment

BSIDES-PR Keynote Hunting for Bad Guys

Server 2016 sneak peek

Dakotacon 2017

Automating That "Other" OS

Ansible: How to Get More Sleep and Require Less Coffee

Opscode Webinar: Cooking with Chef on Microsoft Windows

PowerShellForDBDevelopers

SharePoint on demand with System Center - Matija Blagus

Issac Resume

SharePoint 2013 Performance Analysis - Robi Vončina

Powering up on power shell avengercon - 2018

Lateral Movement - Phreaknik 2016

Configuration Management Tools on NX-OS

Recently uploaded

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AnitaRaj43

Design and Development of a Provenance Capture Platform for Data Science

Paolo Missier

Architecting Cloud Native Applications

WSO2

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Exploring Multimodal Embeddings with Milvus

Zilliz

Key topics covered: - Understanding the basics of IAM and its significance in the modern enterprise. IAM in a platformless environment - Tackling real-world issues like prioritizing frictionless yet secure user access, securing high-value APIs, integrating to business, compliance, and adapting to cloud native environments with scalable solutions - Practical demonstrations of how WSO2 products can be instrumental in deploying efficient IAM solutions - Preparing for upcoming trends and innovations in identity management

Navigating Identity and Access Management in the Modern Enterprise

WSO2

How to Check CNIC Information Online with Pakdata cf

danishmna97

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

WSO2

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Decarbonising Commercial Real Estate: The Role of Operational Performance

IES VE

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

rightmanforbloodline

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Recently uploaded (20)

AI in Action: Real World Use Cases by Anitaraj

Design and Development of a Provenance Capture Platform for Data Science

Architecting Cloud Native Applications

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Vector Search -An Introduction in Oracle Database 23ai.pptx

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

WSO2's API Vision: Unifying Control, Empowering Developers

Exploring Multimodal Embeddings with Milvus

Navigating Identity and Access Management in the Modern Enterprise

How to Check CNIC Information Online with Pakdata cf

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

[BuildWithAI] Introduction to Gemini.pdf

Why Teams call analytics are critical to your entire business

Decarbonising Commercial Real Estate: The Role of Operational Performance

AWS Community Day CPH - Three problems of Terraform

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

J j-j-jea power

1. J-J-J-JEA POWER James Honeycutt

3. About Me • 23Years Military Service • 19Years Windows Environment • SANs Mentor (GCIH/SEC504, GCWN/SEC505) • Self taught PowerShell • Passion for PowerShell Twitter: @jay_Honeycutt LinkedIn: james-honeycutt

6. What is PowerShell JEA • “Just Enough Administration (JEA) is a security technology that enables delegated administration for anything that can be managed with PowerShell.” –Microsoft • “Just like keys on a key chain” – Jeffery Snover • “Really cool way to empower my users and fellow admins” – James Honeycutt • Allows common users to perform admin functions (when properly configured) • Not a project, it is an ongoing task

7. Requirements • Client Win 10 1511 or higher Win 8, 8.1 Win 7 • Server 2016 2012, 2012r2 2008r2 • WMF 5 (Windows Management Framework) • PowerShell Remoting

8. How does it work?

9. How ItWorks • User/Admin uses PowerShell remoting to access remote server using the Session configuration file and using “Runas” • A virtual Admin account is created and used duringTHIS SESSION ONLY • The virtual admin technically has access to all command lets, but only shows the user what they are entitled to, based on the Role Capabilities File • User does what they need to, exits remote pssession, andVirtual Account is deleted.

10. Role Capabilities File • Controls what Commandlets, Modules, Functions, and Parameters are allowed • New-PSRoleCapabilityFile -Path .MyFirstJEARole.psrc • VisibleCmdlets = • @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name';ValidateSet = 'Dns', 'Spooler' }}, • @{ Name = 'Start-Website'; Parameters = @{ Name = 'Name';ValidatePattern = 'HR_*' }} • VisibleExternalCommands = 'C:WindowsSystem32whoami.exe', 'C:Program FilesContosoScriptsUpdateITSoftware.ps1'

11. Session Configurations • Controls who can log in and determines what role capability file to use. • Virtual accounts are created on the fly and are used for the one session only. Will have local rights on endpoint and member servers or domain admin rights on DC • SpecifiedVirtual accounts can be specified, but must be in the appropriate local group. Group Managed Service Accounts can be used if the user needs network resources. (Harder to trace back to a specific user)

12. Session Configuration File • New-PSSessionConfigurationFile -SessionType RestrictedRemoteServer -Path .MyJEAEndpoint.pssc • RunAsVirtualAccount = $true • TranscriptDirectory = 'C:ProgramDataJEAConfigurationTranscripts’ • RoleDefinitions = @{ • 'CONTOSOJEA_DNS_ADMINS' = @{ RoleCapabilities = 'DnsAdmin', 'DnsOperator', 'DnsAuditor’ } • 'CONTOSOJEA_DNS_OPERATORS' = @{ RoleCapabilities = 'DnsOperator', 'DnsAuditor’ } • 'CONTOSOJEA_DNS_AUDITORS' = @{ RoleCapabilities = 'DnsAuditor' } • }

13. How It AllWorksTogether Enter-Pssession –name <SVR> –endpoint <SessionConfig> Roles Cap. File

14. DemoTime

15. What Next • Implementing is not a project, it is an ongoing task • It empowers your users and fellow admins •It makes them feel like………

16.

17. References & Further Reading • https://docs.microsoft.com/en-us/powershell/jea/overview • https://docs.microsoft.com/en-us/powershell/jea/role-capabilities • https://docs.microsoft.com/en-us/powershell/jea/session-configurations • SANs SEC505:Windows Security and PowerShell Automation • https://www.youtube.com/watch?v=zftC6eDzRJY&t=1025s • https://www.youtube.com/watch?v=f_Dd5fRXixY Twitter: @jay_Honeycutt LinkedIn: james-honeycutt

Editor's Notes

If the roles supported by this JEA endpoint are all used to manage the local machine, and a local administrator account is sufficient to run the commands succesfully, you should configure JEA to use a local virtual account. Virtual accounts are temporary accounts that are unique to a specific user and only last for the duration of their PowerShell session. On a member server or workstation, virtual accounts belong to the local computer's Administrators group, and have access to most system resources. On an Active Directory Domain Controller, virtual accounts belong to the domain's Domain Admins group.
https://docs.microsoft.com/en-us/powershell/jea/role-capabilities For example, consider the role of a file server admin who wants to check which network shares are hosted by the local machine. One way to check is to use net share. However, allowing net.exe is very dangerous becuase the admin could just as easily use the command to gain admin privileges with net group Administrators unprivilegedjeauser /add. A better approach is to allow Get-SmbShare which achieves the same result but has a much more limited scope.
https://docs.microsoft.com/en-us/powershell/jea/session-configurations You can open the session configuration file in any text editor. The -SessionType RestrictedRemoteServer field indicates that the session configuration will be used by JEA for secure management. Sessions configured this way will operate in NoLanguage modeand only have the following 8 default commands (and aliases) available: Clear-Host (cls, clear) Exit-PSSession (exsn, exit) Get-Command (gcm) Get-FormatData Get-Help Measure-Object (measure) Out-Default Select-Object (select)
https://docs.microsoft.com/en-us/powershell/jea/session-configurations

J j-j-jea power

Recommended

Recommended

More Related Content

What's hot

What's hot (10)

Similar to J j-j-jea power

Similar to J j-j-jea power (20)

Recently uploaded

Recently uploaded (20)

J j-j-jea power

Editor's Notes