{ "id": "1344279f-aeb8-4c31-98c4-8c00a0fac0c2", "created_at": "2026-04-06T00:19:16.917405Z", "updated_at": "2026-04-10T13:12:29.173085Z", "deleted_at": null, "sha1_hash": "2f2214e6a264c059732d273911c447173dd7bff7", "title": "Overview of Just Enough Administration (JEA) - PowerShell", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 36619, "plain_text": "Overview of Just Enough Administration (JEA) - PowerShell\r\nBy sdwheeler\r\nArchived: 2026-04-05 15:01:57 UTC\r\nJust Enough Administration (JEA) is a security technology that enables delegated administration for anything\r\nmanaged by PowerShell. With JEA, you can:\r\nReduce the number of administrators on your machines using virtual accounts or group-managed\r\nservice accounts to perform privileged actions on behalf of regular users.\r\nLimit what users can do by specifying which cmdlets, functions, and external commands they can run.\r\nBetter understand what your users are doing with transcripts and logs that show you exactly which\r\ncommands a user executed during their session.\r\nWhy is JEA important?\r\nHighly privileged accounts used to administer your servers pose a serious security risk. Should an attacker\r\ncompromise one of these accounts, they could launch lateral attacks across your organization. Each compromised\r\naccount gives an attacker access to even more accounts and resources, and puts them one step closer to stealing\r\ncompany secrets, launching a denial-of-service attack, and more.\r\nIt's not always easy to remove administrative privileges, either. Consider the common scenario where the DNS\r\nrole is installed on the same machine as your Active Directory Domain Controller. Your DNS administrators\r\nrequire local administrator privileges to fix issues with the DNS server. But to do so, you must make them\r\nmembers of the highly privileged Domain Admins security group. This approach effectively gives DNS\r\nAdministrators control over your whole domain and access to all resources on that machine.\r\nJEA addresses this problem through the principle of Least Privilege. With JEA, you can configure a management\r\nendpoint for DNS administrators that gives them access only to the PowerShell commands they need to get their\r\njob done. This means you can provide the appropriate access to repair a poisoned DNS cache or restart the DNS\r\nserver without unintentionally giving them rights to Active Directory, or to browse the file system, or run\r\npotentially dangerous scripts. Better yet, when the JEA session is configured to use temporary privileged virtual\r\naccounts, your DNS administrators can connect to the server using non-admin credentials and still run commands\r\nthat typically require admin privileges. JEA enables you to remove users from widely privileged local/domain\r\nadministrator roles and carefully control what they can do on each machine.\r\nNext steps\r\nTo learn more about the requirements to use JEA, see the Prerequisites article.\r\nSamples and DSC resource\r\nSample JEA configurations and the JEA DSC resource can be found in the JEA GitHub repository.\r\nhttps://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3\r\nPage 1 of 2\n\nSource: https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3\r\nhttps://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "origins": [ "web" ], "references": [ "https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3" ], "report_names": [ "overview?view=powershell-7.3" ], "threat_actors": [], "ts_created_at": 1775434756, "ts_updated_at": 1775826749, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2f2214e6a264c059732d273911c447173dd7bff7.pdf", "text": "https://archive.orkl.eu/2f2214e6a264c059732d273911c447173dd7bff7.txt", "img": "https://archive.orkl.eu/2f2214e6a264c059732d273911c447173dd7bff7.jpg" } }