Hi everyone!
Today I will spotlight a very good article from Ahmed Malek: How to Provide Temporary and Secure Administrative Access to Critical Systems and Applications
This is an article that goes very far into the subject of securing any system(s). As a system admin myself, at some point in your career, it's the kind of how-to question you come to ask yourself.
It's very detailed, and very informative. Really good article!!
Active Directory provides an easy way to centrally manage accounts within an organization. It also provides an efficient way to delegate the administration and manage the accesses on AD-integrated Windows systems.
For critical systems and applications, some companies would like to restrict the accesses for changes as much as possible. This is feasible by creating AD groups to grant administrative access and then managing the users’ accesses by adding them when a change is required and then removing them once the change is completed. However, it might become a complicated and time-consuming task if this is done manually.
This article shares a way that can be used to provide temporary and secure administrative access to AD-integrated Critical Systems and Applications by combining the use of AD DS Fine-Grained Password Policies and Orchestrator. This is explained through a scenario detailed below.
CONTOSO is a company that provides services to their customers through SharePoint Web portals hosted on-premise. As these portals are Business-Critical for CONTOSO, the company decided to restrict the access to these servers by providing temporary and secure accesses to administrators when changes are required. The administrators should provide the reason for the access when they request it, and the CONTOSO IT Governance team should be informed when an access is granted in order to keep track of what is getting done.
CONTOSO have the following technical implementation to meet their requirements:
CONTOSO was able to provide temporary and secure administrative access to their SharePoint servers. However, the new process resulted in a lot of interaction between the teams and delays when making changes. CONTOSO requested the assistance of a Microsoft Partner to support them in improving their implementation.
To improve the implementation of CONTOSO, an automation should be added to support the process. The temporary and secure administrative access could be granted by using the following:
Below is the workflow for granting or rejecting an administrative access: