Manage Learn to apply best practices and optimize your operations.

Five ways to improve Windows Server hardening

4/6

Use Just Enough Administration to limit user access

Source:  JJpan/iStock/Getty Images
Visual Editor: Sarah Evans

Microsoft offers two relatively recent approaches to limiting authority delegations: Just Enough Administration and just-in-time (JIT) administration.

In many administrative situations, a user performs a small number of tasks that would traditionally require a high level of privilege. The user ends up with far more privileges than they need to complete the job.

With Microsoft's Just Enough Administration, a senior administrator gives a user access to only the PowerShell commands needed to perform the required tasks -- and no more.

Windows Server 2016 allows connections over PowerShell Direct, secure file copies between Just Enough Administration points and a Just Enough Administration mode for PowerShell consoles.

JIT administration lets a user request elevated privileges to perform certain tasks. JIT is complementary to Just Enough Administration -- IT organizations can use them individually or together as JitJea.

JIT relies on privileged identity management and privileged access management. When the administrator approves a user request, JIT applies privileges through a new bastion forest that is isolated from common applications or user forests. It automatically revokes privileges when the user completes the work or the allotted time expires.

View All Photo Stories

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close