Australia 2017
Configuring and Deploying Just Enough and Just-In-Time Administration (JEA/JIT)
https://channel9.msdn.com/events/Ignite/Australia-2017/INF336
Feb 10, 2017 at 4:33PM by Orin Thomas
Just enough administration is a new administration model that involves giving those that need to perform administrative tasks only those tools needed to complete those tasks. Just-In-Time administration is a complementary technology available in Windows Server 2016 that allows you to assign users to privileged groups for a limited duration rather than on a semi-permanent basis. In this session you’ll learn about the steps you need to take to deploy Just Enough Administration and Just-In-Time Administration, also known as Privileged Access Management. You’ll learn about how you can configure Just Enough Administration to allow users to perform specific tasks. You’ll also learn how you can configure Just-In-Time administration so that users are removed from privileged groups after a specific amount of time.
day: 3
level: Level 300
track: Datacenter and Infrastructure Management
code: INF336
room: Arena 1A
Privileged Access Management for Active Directory Domain Services (PAM/PIM & JEA/JIT)
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services
1/10/2017. Contributors: Kelly Gremban, Barclay Neira, mbaldwin@microsoft.com, Liza Poggemeyer
Privileged Access Management (PAM) is a solution that helps organizations restrict privileged access within an existing Active Directory environment.
Privileged Access Management accomplishes two goals:
Re-establish control over a compromised Active Directory environment by maintaining a separate bastion environment that is known to be unaffected by malicious attacks.
Isolate the use of privileged accounts to reduce the risk of those credentials being stolen.
Note
PAM is an instance of Privileged Identity Management (PIM) that is implemented using Microsoft Identity Manager (MIM).
What problems does PAM help solve?
A real concern for enterprises today is resource access within an Active Directory environment. Particularly troubling is news about vulnerabilities, unauthorized privilege escalations, and other types of unauthorized access including pass-the-hash, pass-the-ticket, spear phishing, and Kerberos compromises.
Today, it’s too easy for attackers to obtain Domain Admins account credentials, and it’s too hard to discover these attacks after the fact. The goal of PAM is to reduce opportunities for malicious users to get access, while increasing your control and awareness of the environment.
PAM makes it harder for attackers to penetrate a network and obtain privileged account access. PAM adds protection to privileged groups that control access across a range of domain-joined computers and applications on those computers. It also adds more monitoring, more visibility, and more fine-grained controls so that organizations can see who their privileged administrators are and what they are doing. PAM gives organizations more insight into how administrative accounts are used in the environment.
How is PAM set up?
PAM builds on the principle of just-in-time administration, which relates to just enough administration (JEA). JEA is a Windows PowerShell toolkit that defines a set of commands for performing privileged activities and an endpoint where administrators can get authorization to run those commands. In JEA, an administrator decides that users with a certain privilege can perform a certain task. Every time an eligible user needs to perform that task, they enable that permission. The permissions expire after a specified time period, so that a malicious user can’t steal the access.
PAM setup and operation has four steps.
……
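As an added example (not taken from the session or the Microsoft documentation quoted above), the following PowerShell sketches both ideas on a Windows Server 2016 domain: a JEA endpoint that exposes only the commands one role needs, and a time-limited membership of the group that is allowed to use it. The group CONTOSO\DnsOperators, the user jsmith, the module JEADns and the endpoint DnsMaintenance are placeholder names, and the JIT part uses the Active Directory time-bound membership feature directly rather than the MIM request workflow.

```powershell
# Added example. CONTOSO\DnsOperators, jsmith, JEADns and DnsMaintenance are placeholders.

# --- JEA: role capability listing the only commands the role may run ---
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JEADns'
New-Item -ItemType Directory -Path "$module\RoleCapabilities" -Force | Out-Null
New-ModuleManifest -Path "$module\JEADns.psd1"
$role = @{
    Path           = "$module\RoleCapabilities\DnsOperator.psrc"
    VisibleCmdlets = 'Get-Service',
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
}
New-PSRoleCapabilityFile @role

# --- JEA: endpoint that maps an AD group to that role ---
$configDir = Join-Path $env:ProgramData 'JEAConfiguration'
New-Item -ItemType Directory -Path $configDir -Force | Out-Null
$session = @{
    Path                = "$configDir\DnsMaintenance.pssc"
    SessionType         = 'RestrictedRemoteServer'      # no full language, no default cmdlets
    RunAsVirtualAccount = $true                         # user never holds the admin credential
    TranscriptDirectory = "$configDir\Transcripts"      # every session is recorded
    RoleDefinitions     = @{ 'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' } }
}
New-PSSessionConfigurationFile @session
if (-not (Test-PSSessionConfigurationFile -Path $session.Path)) {
    throw 'Session configuration file failed validation'
}
Register-PSSessionConfiguration -Name 'DnsMaintenance' -Path $session.Path -Force  # restarts WinRM

# --- JIT: time-bound group membership (needs 2016 forest functional level) ---
Import-Module ActiveDirectory
# One-time step per forest; the optional feature cannot be disabled once enabled.
Enable-ADOptionalFeature 'Privileged Access Management Feature' `
    -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name

# jsmith is a member for 60 minutes; AD removes the membership when the TTL expires.
Add-ADGroupMember -Identity 'DnsOperators' -Members 'jsmith' `
    -MemberTimeToLive (New-TimeSpan -Minutes 60)

# Check the remaining TTL on each member of the group.
Get-ADGroup 'DnsOperators' -Properties member -ShowMemberTimeToLive |
    Select-Object -ExpandProperty member
```

While the membership is active, the operator connects with Enter-PSSession -ComputerName <server> -ConfigurationName DnsMaintenance and sees only the commands listed in the role capability file.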