This mechanism, however, is currently limited to three roles, thus allowing only a very rough allocation of permissions.
Since Admin Center is based on Windows Management Instrumentation (WMI), Windows Remote Management (WinRM), and PowerShell, it can take advantage of JEA to give users the rights they need to manage specific machines regardless of their originally assigned privileges. This documentation describes this exact procedure. You can avoid the detour via the local groups by adapting the JEA files accordingly and assigning an AD group directly to the roles. In such a case, you should first download the entire package consisting of the JEA and Desired State Configuration (DSC) files as well as the PowerShell modules and then distribute it to the target machines via your preferred mechanism. In larger environments, this interactive configuration of endpoints is not practical.
In addition to selecting the role, assignment to the smart card security group can force the added users to log on using a smart card. A notation according to the "domain\group" pattern is therefore not required. Please note that the mere name of the group is sufficient if it is located in the same domain as the gateway server. A search in AD is not possible, so you have to type in the name completely.
In the respective form, enter the name of the group. The command Gateway > Access opens a page on which you can assign rights to normal users via the + Add button under Allowed Groups. Grant admin access to the WAC gateway for the group WACAdmins
0 kommentar(er)
