
close
close
In the first part of this series, PowerShell 5.0 Just Enough Administration (JEA) Part 1: Understanding JEA and Configuring the Demo Toolkit, I showed you how to install the xJEA PowerShell module, which includes the necessary Desired State Configuration (DSC) resource to configure JEA on one or more servers running the Windows Management Framework 5.0 using the supplied setup script.
advertisment
In the second and final part of this series, we’ll define our own JEA toolkits, and check the logs to get information on what commands were run, when, where and by which users, via the JEA activity log and the Windows Event Log.
In the first part of this series, we created a JEA toolkit that enabled users who connected to run a limited set of commands to kill specific processes on the device, or restart services. Creating a list of cmdlets, parameters and functions that are available in the toolkit can be a little complicated, because it isn’t necessarily obvious how to work with the DSC syntax. But help is at hand in the form of the JEA Toolkit Helper.
To expedite the creation of a DSC script to create our own JEA toolkit, I recommend downloading the JEA Toolkit Helper, which is free from Microsoft’s website. The toolkit helper comes in the form of a PowerShell script, which is supported by a GUI.
Before running the script, if you are not logged in using the default administrator account, you will need to disable UAC. For more information on disabling UAC, see Disabling User Account Control (UAC) in Windows 7 on the Petri IT Knowledgebase. The process for disabling UAC in Windows Server 2012 R2 is the same as in Windows 7, and don’t forget to enable UAC once you’re done.
advertisment
Additionally, you’ll need to set the PowerShell script execution policy to unrestricted before running the JEA Toolkit Helper. To set the policy, open a PowerShell prompt, and run the cmdlet as shown below:
Now we're ready to run the JEA Toolkit Helper. Right click the downloaded .ps1 script file, select Run with PowerShell from the context menu, and click Open in the warning dialog box. A PowerShell console window will open. Type R in the window and press ENTER to run the script. After a few moments, the script's GUI will open.Create a DSC script using the JEA Toolkit Helper
We've never used the tool before, so there's no .CSV file containing information about the cmdlets, parameters and functions we want to make available. In this example, I'm going to set up a toolkit for print administrators, so they can connect to a server, access all the cmdlets available as part of the PowerShell Print Management module, restart the Print Notify and Spooler services, and get basic information about the server’s network configuration.The JEA Helper Toolkit design tab (Image Credit: Russell Smith)
The JEA Helper Toolkit script output tab (Image Credit: Russell Smith)
Importing a configuration (Image Credit: Russell Smith)
Testing a JEA endpoint (Image Credit: Russell Smith)
Testing a JEA endpoint (Image Credit: Russell Smith)
Checking the event log for users connecting to JEA endpoints (Image Credit: Russell Smith)
The JEA activity log file (Image Credit: Russell Smith)
More from Russell Smith
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in PowerShell
Microsoft’s New PowerShell Crescendo Tool Facilitates Native Command-Line Wraps
Mar 21, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group