Netherlands: Software

Introductie Windows Server 2016

Issue link:

Contents of this Issue


Page 123 of 173

114 C H A P T E R 5 | Security SamrLookupNamesInDomain SamrLookupIdsInDomain SamrQueryInformationUser SamrQueryInformationGroup SamrQueryInformationUserAlias SamrGetMembersInGroup SamrGetMembersInAlias SamrGetUserDomainPasswordInformation Boot Configuration Database (BCD) events Event ID 4826 has been added to track the following changes to the BCD: DEP/NEX settings Test signing PCAT SB simulation Debug Boot debug Integrity Services Disable Winload debugging menu PNP Events Event ID 6416 has been added to track when an external device is detected through plug-and-play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn't expect this type of action, such as a domain controller. Securing privileged access In this section, we are going to explore a few concepts regarding securing privileged access. First we are going to dive into the concepts of Just In Time and Just Enough Administration (JEA). Then, we are going to explain how you combine all of the tools and technologies we have discussed in this chapter into an implementation strategy for your organization. Just In Time and Just Enough Administration Just In Time (JIT) administration is a fairly basic concept: the principal is that we evolve to a state in which there are no full-time administrators, or more specifically we have no accounts that have full- time administrator privileges. Rather, through a simple process, the privileges required are requested just before they are actually needed, then approved, and then granted to the account for a specific time period. This ensures that the task can be carried out successfully with the correct amount of privileges for the allotted time. JIT works in conjunction with Just Enough Administration (JEA) to secure the correct privileges. In Windows Server 2016 these technologies are combined to provide Privileged Access Management (PAM). More info For more information about PAM, go to dn903243.aspx. Now, let's take a quick look at JEA. This is part of the Windows Management Framework 5.0 package and has been supported since Windows Server 2008 R2. Using JEA, you can assign specific privileges (just enough of them) to a user account to perform a given required function. This means that you don't need to assign a user to an administrator account and then remember to remove them later. JEA gives us the role-based access control (RBAC) that modern enterprises require to achieve more secure environments.

Articles in this issue

Links on this page

Archives of this issue

view archives of Netherlands: Software - Introductie Windows Server 2016