Header Ads

Header ADS

Just Enough Administration (JEA)

August 18, 2021 0

 




Just Enough Administration (JEA)

1.       What is JEA?😏💭💫

v  Just Enough Administration (JEA) is a Microsoft Windows PowerShell toolkit. (JEA) is a security technology that enables delegated administration for anything managed by PowerShell. With JEA, we can Reduce the number of administrators on our machines using virtual accounts or group-managed service accounts to perform privileged actions on behalf of regular users. But it is the matter of sorrow that, this is only works with PowerShell😓😓

 

 

 

*****************Configuration in Server ***************

 

1st Step:

 New-PSSessionConfigurationFile -Path 'C:\Program Files\WindowsPowerShell\spooler_conf.pssc'



 

 

 

 

notepad  'C:\Program Files\WindowsPowerShell\spooler_conf.pssc




Edit the file just like that ,and remove the #(hash)bellow the instruction



 

 

2nd Step(Creating a folder for JEA):

New-Item -Path 'C:\Program Files\WindowsPowerShell\Modules\JEA\RoleCapabilities' -ItemType Directory



 

 

3rd Step

(Creating the PS Role Capability File for the Spooler Admins (psrc file):

èNew-PSRoleCapabilityFile -Path 'C:\Program Files\WindowsPowerShell\Modules\JEA\RoleCapabilities\spooler_admins.psrc'



After executed that command

Then > execute this command to open notepad file

 

 

 

After write this command we saw a notepad window such as-



 

Now, you Change the notepad file that have open. You should not change the file  everything ,

Just change what I mention bellow in the picture  

 

 

Now we Rename the file like this




 

4th Steps è            (Registering the Configuration):

a. Create a group named "Spooler_Admins". Create an user who will member of Spooler_Admins group

Now we go the Users and Computers

 

 

User > New> Group



Group name  Spooler _Admins

 

Under the group we add a member name > kamrul



 



Write down the command

b. Register-PSSessionConfiguration -Name Spooler_Admins -Path 'C:\Program Files\WindowsPowerShell\spooler_conf.pssc'



 

Restart the Spooler Service



 

We have to done our Adds server hand configuration

 

 

Configuration in Client

 

Now, we go to client PC such as Spooler _Admins User bellow in the picture

èa. Enter-PSSession -ComputerName Admin-ADDS -ConfigurationName Spooler_Admins

 Here,Admin- ADDS is my Domain server's name & Spooler_Admins is created group



 

èb. Get-Command

See, you will able to see only specified command


c. Restart-Service spooler

Here you will be restarting the specified service, not other service


 

d. Restart-Service lmhosts

You will not be able to restart this service


e. whoami

You will be able to execute this command since you have permission to do this as external command



So , This is the process of JEA


Tags:

No comments

Subscribe to: Post Comments ( Atom )
Powered by Blogger.