Monday, May 23, 2016

security: Just Enough Administration (JEA)

podcast interview: Just Enough Admin and Windows Server 2016 with Jeffrey Snover - RunAsRadio

"How much administration do you need? Richard chats with Tech Fellow and Father-of-PowerShell Jeffrey Snover about Just Enough Administration (JEA). The goal of JEA is to get administrators to stop living in admin accounts, to operate day-to-day with regular domain accounts and only escalate up to admin for a specific task, typically written in PowerShell. Jeffrey talks about creating a "break glass in emergency" account that is the superadmin, only to be used when there's no other way to do something. This account should be heavily logged and scrutinized, so that root cause analysis can extract the needs for the event and create more automation and security granularity around it. JEA works on Server 2008R2 and above, and will be built into Server 2016!"

No comments: