Manage Learn to apply best practices and optimize your operations.

Five ways to improve Windows Server hardening


Use Just Enough Administration to limit user access

Source:  JJpan/iStock/Getty Images
Visual Editor: Sarah Evans

Microsoft offers two relatively recent approaches to limiting authority delegations: Just Enough Administration and just-in-time (JIT) administration.

In many administrative situations, a user performs a small number of tasks that would traditionally require a high level of privilege. The user ends up with far more privileges than they need to complete the job.

With Microsoft's Just Enough Administration, a senior administrator gives a user access to only the PowerShell commands needed to perform the required tasks -- and no more.

Windows Server 2016 allows connections over PowerShell Direct, secure file copies between Just Enough Administration points and a Just Enough Administration mode for PowerShell consoles.

JIT administration lets a user request elevated privileges to perform certain tasks. JIT is complementary to Just Enough Administration -- IT organizations can use them individually or together as JitJea.

JIT relies on privileged identity management and privileged access management. When the administrator approves a user request, JIT applies privileges through a new bastion forest that is isolated from common applications or user forests. It automatically revokes privileges when the user completes the work or the allotted time expires.

View All Photo Stories