header image

Constrained PowerShell or JEA?

Posted by: | November 3, 2017 Comments Off on Constrained PowerShell or JEA? |

PowerShell remoting gives you access to all of the functionality on the box by default. You can created constrained (or restricted) endpoints that limit that functionality to specific cmdlets.

 

Alternatively you can use Just Enough Admin (JEA) to lock down an endpoint through  a Role Based access Control (RBAC) system.

 

JEA is the later option and is more flexible.

 

The PowerShell Team has an interesting (and new to me) take on Constrained Language and JEA.  https://blogs.msdn.microsoft.com/powershell/2017/11/02/powershell-constrained-language-mode/

 

I recommend you read it

under: PowerShell, Security

Comments are closed.

Categories