I have recently deployed a JEA endpoint on a few Domain Controllers for a user (Domain User, non privileged).
The user had to be added to "Remote Management Users" AD group in order to have the ability to Powershell into a these DCs.
It occurred to me that outside of the provided, confined endpoint, the user can create sessions to default Powershell endpoint which has access to everything.
Following the great article, I would have to add the user under the permissions of the default windows.powershell endpoint which isn't a straight forward process.
What would be the sensible way to confine the given user to just the one particular endpoint?
Many thanks,
question from:
https://stackoverflow.com/questions/65890513/securing-jea-just-enough-administration 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
