Introduction to Windows Server 2016 Just-In-Time Administration

Presenter: Russell Smith

@smithrussell

packtpub.com

Are IT staff in your organization permanently assigned administrative privileges?

• Unwanted or unauthorized system-wide changes

• No damage limitation against malware

• System integrity issues

What Problems Do Privileged Accounts Cause?

• Hack sensitive business data

• Changes through the backdoor

What Problems Do Privileged Accounts Cause?

Process for managing changes to IT systems

Prevents unplanned changes to complex interconnected systems

Reduces downtime and support requests

Change Control

Many don’t

Privilege drift

Grant privileged access permanently

Privileged access to external contractors

How Do Organizations Manage Privileges?

Third-party privilege management solutions

User Account Control (UAC)

Active Directory delegation

PowerShell constrained endpoints (JEA)

Windows Server 2016 Privileged Access Management (PAM)

How Can Privileges Be Managed?

• Adds protection to privileged groups

• Re-establish control over a compromised AD

• Insight into how administrative accounts are used

What Is PAM?

Privilege escalation attacks

Pass-the-Hash

Pass-the-Ticket

Spear phishing

What Problems Does PAM Solve?

Shadow security principals

Time-limited group membership

PAM cross-forest trust

Bastion forest

PAM workflow (Microsoft Identity Manager)

Enabling Technologies

PAM Trust

Image Credit: Microsoft

Prepare

Protect

Operate

Monitor

PAM In Action

PAM In Action - Monitor

Auditing Alerts

Event Viewer

Reports

• MIM Web Services API

• REST endpoint

• Windows PowerShell (New-PAMRequest)

Requesting Privileged Access

MIM is required

Licensed per-user

Best purchased via Enterprise Mobility + Security

Can be licensed alongside Azure AD Premium

What About MIM?

PowerBroker for Windows

Least Privilege and Application Control for Windows Servers and Desktops

Summary: Why PowerBroker for Windows?

• Asset discovery, application control, risk compliance, Windows event log monitoring included

• Optional: Session monitoring, file integrity monitoring

Deep capability

• U.S. Patent (No. 8,850,549) for the methods and systems employed for controlling access to resources and privileges per process

Mature, patented leader

• Tightly integrated with vulnerability management

• Deep reporting and analytics insights for compliance and operations

Centralized reporting, analytics and management

• Privilege and session management on Unix, Linux and Windows

• Privileged password and session management

• Integrate Linux, Unix, and Mac OS X with Microsoft AD

• Real-time auditing of AD, File System, Exchange & SQL

Part of a broad solution family

Validated by customers and analysts alike

Your solution should:

• Elevate privileges to applications, not users, on an as-needed basis without exposing passwords

• Enforce least-privilege access based on an application’s known vulnerabilities

• Track and control applications with known vulnerabilities or malware to further protect endpoints

• Monitor event logs and file integrity for unauthorized changes to key files and directories

• Capture keystrokes and screens when rules are triggered with searchable playback

Product Demonstration

Poll

Thank you for attending today’s webinar!