IT administrators must walk the tightrope between locking down their systems and finding ways to manage those machines without tripping over internal controls.
Microsoft offers a number of security-based technologies, such as Just Enough Administration and bastion forests, to help IT workers who need admin privileges correct many issues. But these restrictions tend to be a nuisance when an emergency erupts, and certain protocols prevent remote access to the Windows machine that needs immediate assistance.
The following PowerShell tutorials explain ways to use the automation tool to avoid slowdowns during remote server troubleshooting sessions and tighten security when deploying an IIS website.
How to skip the PowerShell double-hop issue
One of the perks of networking is the ability to remote to different servers to perform quick fixes. But there are times when security implementations can stop things cold. When time is of the essence, the last thing an admin needs is an “access denied” message when trying to use PowerShell remoting to track down a service disruption. When experiencing a double-hop problem during a PowerShell remoting session, don’t resort to using CredSSP, which could open the organization up to some risk.
PowerShell Direct tunnels straight to Hyper-V VMs for management
Admins who prefer to manage Hyper-V virtual machines with PowerShell will need to cope with the aforementioned double-hop problem due to the way Active Directory protects credentials across the network. These authentication restrictions prevent a lateral attack across the network, but also stymie IT’s efforts to just get some work done.
For Hyper-V workloads, Microsoft implemented a PowerShell Direct feature starting in Windows Server 2016 that doesn’t get hamstrung by the delegation issue. As the name implies, PowerShell Direct gives direct access to VMs, even if the network is down.
Use PowerShell to bind certificates to an IIS website
Security is an ongoing concern, particularly for IT workers who deploy Windows Server for various business needs. It only takes one bad setting or a delay in applying an update for an attacker to get a foothold in the data center.
One common use for Microsoft’s server OS is to host a web server based on its Internet Information Services feature. The danger with the two-way communication between a client and the web server is unencrypted traffic, which leaves data susceptible to certain attacks. One way to lock down these interactions so sensitive information, such as login credentials, stays under wraps is to bind an SSL certificate to your IIS website.
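As an added illustration (not code from the tutorials referenced here), the following sketch binds a certificate from the local machine store to an IIS site with the WebAdministration module. The site name and host name are constructed placeholders, and it assumes a suitable certificate is already installed in Cert:\LocalMachine\My.

```powershell
#Requires -RunAsAdministrator
# Added example: bind an installed certificate to an IIS site over HTTPS.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # assumption: the IIS site to secure
$hostName = 'www.example.test'   # constructed placeholder DNS name
$port     = 443

# Choose a currently valid certificate that has a private key and covers the
# host name; prefer the one that expires last.
$now  = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $hostName)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate for $hostName in Cert:\LocalMachine\My"
}

# Create the HTTPS binding only if the site does not have one on this port.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port $port
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port $port
}

if ($binding.certificateHash -eq $cert.Thumbprint) {
    Write-Output "Certificate $($cert.Thumbprint) is already bound."
}
else {
    # Replace a stale certificate (expired or superseded) before attaching.
    if ($binding.certificateHash) { $binding.RemoveSslCertificate() }
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
    Write-Output "Bound $($cert.Thumbprint) to $siteName on port $port."
}

# Confirm what HTTP.sys now serves for this port.
Get-ChildItem -Path IIS:\SslBindings
```

The validity and private-key checks keep an expired or key-less certificate from being bound, which would otherwise surface only as client-side TLS errors after deployment.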