Iron Scripter prelude

Iron Scripter Prelude 3 Solution

Last week the Chairman provided another prelude challenge. This challenge was intended to get you familiar with Just Enough Administration (JEA). This is an admittedly advanced topic, but the Chairman expects nothing less from his Iron Scripters. To assist you in your quest the Chairman has graciously provided another sample solution. JEA is not a cookie-cutter technology as every organization is different and every business case is slightly different.

To get started you would have needed to create a RoleCapability file and a PSSessionConfigurationFile. Your first step might have been to ask PowerShell for help.

Given the requirements, you might have created a role capability file like this.

This file would most likely be placed in a RoleCapabilities folder in a module that you will deploy to the target server.

a JEA module layout

The psm1 file can be empty with no functions exported. The proxy and helper functions are defined in the psrc file but they could also have been defined in the module. Otherwise, the manifest is pretty simple.

To use this will require a PSSessionConfiguration file.

Here is the completed file.

It is a good idea to test it.

At this point you will want to set up the Active Directory domain with the necessary groups and user accounts.

Next, the node needs to be setup.

Once setup you might want to verify what the user can and cannot do.

The JEA endpoint in action

Creating and deploying a JEA configuration takes some planning, testing and refinement.

The Chairman will be back with another prelude challenge.

1 thought on “Iron Scripter Prelude 3 Solution”

Leave a Reply

Your email address will not be published. Required fields are marked *