Implementing Microsoft PowerShell Just Enough Administration (JEA)

This course covers the implementation of PowerShell Just Enough Administration (JEA). You will learn how to reduce excessive administration rights and privileges to better secure your environment.
Course info
Rating
(12)
Level
Advanced
Updated
Aug 2, 2016
Duration
4h 26m
Table of contents
Course Overview
Introduction
Reducing Administrative Privilege Without Losing Work
Controlling Commands with Proxy Functions
Controlling Management with Constrained Endpoints
Logging and Reporting of JEA
Centralized Management and Deployment of JEA
Planning and Creating JEA Endpoints for the Enterprise
Next Steps
Description
Course info
Rating
(12)
Level
Advanced
Updated
Aug 2, 2016
Duration
4h 26m
Description

Learning to secure a multi-server, multi-role environment from excessive administration, while maintaining the ability to properly manage these environments, is an excellent skill to learn. This course, Implementing Microsoft PowerShell Just Enough Administration (JEA), will help you get there. You'll see how to enable logging, create JEA endpoints, and Roles. You will build on this by deploying JEA to multiple servers using automation and Desired State Configuration (DSC.) You'll also be introduced to the concept of Just-in-Time administration with JEA. By the end of this course, you'll be better prepared to implement JEA across your environments.

About the author
About the author

Jason Helmick is an author for Pluralsight. His IT career spans more than 25 years or enterprise consulting on a variety of technologies, with a focus on strategic IT business planning. He’s a highly successful IT author, columnist, lecturer, and instructor, specializing in automation practices for the IT pro.

More from the author
More courses by Jason Helmick
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Edward Snowden, regardless if you consider him a whistle-blowing hero or a treasonous thief, took classified and confidential information and released this information to foreign governments and the entire world. Edward Snowden was just a junior contract administrator, with obviously way too many administrative privileges. Sound familiar? It's the classic problem of trusting an administrator because of all of the privileges they have. You need to find a way to only delegate the permissions required to perform a specific task. I'm Jason Helmick, and I want to introduce you to my new course named Implementing Microsoft PowerShell Just Enough Administration, also known as JEA. I'm not only an author here at Pluralsight, but I'm a Windows PowerShell MVP and the CFO of PowerShell. org that hosts the PowerShell DevOps Global Summit. And in this you will not only learn what JEA is, but how to immediately begin to implement it, raising the security, quality, and posture of your company, and you will immediately start protecting its valuable, confidential information and its customer information. You'll learn how JEA works and how to constrain an administrator to only user privileges without stopping them from being able to do their job. You'll learn how to get detailed logging, an over-the-shoulder view of every action an administrator makes, you'll learn how to plan and deploy JEA throughout your entire enterprise, and you will get started understanding and implementing the concept, one of my favorite things, Just-In-Time, known as JIT, or we refer to it as JitJea, which means an administrator only gets the management privileges they need, exactly when they need them, and no longer. When you have finished, you'll be able to make an immediate impact, improving the security of your company. So to get the most out of this course, well, you should already have some experience automating with PowerShell. I'll also help by pointing you to resources here at Pluralsight to help you build any gap in the skills that you might have. Well, here at Pluralsight we're always striving to help you with your learning goals. We love to learn, and we hope that you do too.

Planning and Creating JEA Endpoints for the Enterprise
You know you're not alone in doing all of this, right? There is a way for you to go from development and testing into a piloting stage, and eventually releasing all the way out into production. It's not something that you're going to want to just flip a light switch one day and push all of this out all at once. No, you want to do this in a non-risky fashion in a way that you can do a gradual rollout that will be successful and allow you to have a chance and an opportunity to make adjustments as you go along. That's one thing to keep in mind is this isn't a push and forget project, this is something that you're going to need to tender and you're going to need to take care of. In other words, you're not going to get those endpoints right the very first time, and what I mean by that is really the roles and the role capabilities, they're going to need to be adjusted over time, and so that's kind of the process we want to talk about here, give you some notes and some ideas on planning and creating these endpoints, and also some more advanced information. Well, here's what we're going to take a look at. We're going to start off with some experience from the real world, and this is kind of fascinating because when I said you're not alone in this, Microsoft is doing this right now. Yeah, they're rolling out JEA as well, and I want to give you some of their experience and some notes from that, and I have some special information for you as well. And we want to talk about planning, some of the things you might want to go through in planning your roles and setting up the constraints, and some of the caveats that you want to watch out for, along with, okay, give me an idea of how to perform this, how do I get it out of development into a pilot, and then further out into production, so we'll give you some notes on how to perform those. Let's get started though with experience from the real world.

Next Steps
As you start experimenting and working with JEA and then moving into your pilot process, which I really hope that you start doing soon, there are other things that you might want to consider, and so with our final module together in this course, I wanted to take a few minutes and give you some next steps, some things that will help you, and also I want to introduce you to a new concept as well that you're going to start hearing quite a bit about, especially if you're working with JEA. So here's what we're going to do. First off, I want to kind of go over how to keep current and why you should keep current and some places to help you solve some problems. And along with that, as I mentioned, I want to give you this new concept, and every time you hear JEA, you're also probably going to start hearing people say something like JitJea. In other words, what they're talking about is this concept of Just In Time, Just Enough Administration, and I want you to see that concept, and also I want to do a quick demonstration of it so you can see the importance of why this is a future direction to be implemented both either in your Windows domain or if you're working in the cloud like Azure, you can implement it there for just in time. So what do you say we get started with how to keep current.