In recent years, network security has become the primary standard for IT strategies in most corporate environments. When a company experiences a major data loss or is victim of a malicious data breach, major ramifications are likely to follow. Depending on the size and severity of the event, several key components of a company can be negatively affected – financial strength, corporate reputation, sustainability & longevity, future success, and industry relevance. That’s why it’s so integral that administrators, like myself, are tasked with making sure our environments are as secure as possible, while still allowing for groups and individuals to carry out their everyday tasks. Microsoft hopes to assist in these efforts and they’ve taken a big step in the right direction by including JEA (Just Enough Administration) with Windows Server 2016.
JEA is a power shell tool introduced in 2014 and a security feature in WMF 5.0 and Windows Server 2016 (TP4) – providing RBAC (Role Based Access Control) for your Windows servers. You can allow people to perform the tasks needed in their role without giving them full access. JEA gives admins the option to place more granular restrictions on specific tasks to help ward off situations where data is compromised.
For example, a role-based network administrator can be given rights to administer DNS and DHCP but not full domain administrator access. You can limit your help desk to administration of active directory for password resets, limited group administration based on OU’s, and print services. It’s also common to have development groups or Hyper-V administrators that need to be limited.
Although each environment is different, there is almost always a need for security (at some level). It appears that Microsoft understands this concept as well. This is evident by the inclusion of security-based features such as JEA in the much anticipated Windows Server 2016.