Monthly Archive

Categories

Constrained PowerShell or JEA?

PowerShell remoting gives you access to all of the functionality on the box by default. You can created constrained (or restricted) endpoints that limit that functionality to specific cmdlets.

 

Alternatively you can use Just Enough Admin (JEA) to lock down an endpoint through  a Role Based access Control (RBAC) system.

 

JEA is the later option and is more flexible.

 

The PowerShell Team has an interesting (and new to me) take on Constrained Language and JEA.  https://blogs.msdn.microsoft.com/powershell/2017/11/02/powershell-constrained-language-mode/

 

I recommend you read it

Comments are closed.