Just Enough Administration (JEA) Framework for PowerShell Security

Listen to this Post

Featured Image
Administrative privileges are a prime target for attackers. The Just Enough Administration (JEA) framework in PowerShell enforces the principle of least privilege, ensuring users have only the permissions they need—nothing more.

You Should Know:

1. Setting Up JEA

First, verify PowerShell version (5.1 or later):

$PSVersionTable.PSVersion 

Install the JEA module:

Install-Module -Name JEAHelper -Force 

2. Creating a JEA Role Capability File

Define what commands a role can execute:

New-PSRoleCapabilityFile -Path .\MyRole.psrc 

Edit `MyRole.psrc` to restrict commands:

VisibleCmdlets = 'Restart-Service', 'Get-Service' 

3. Creating a JEA Session Configuration File

Define who can access the role:

New-PSSessionConfigurationFile -Path .\JEASession.pssc -SessionType RestrictedRemoteServer -RoleDefinitions @{ 'CONTOSO\HelpDesk' = @{ RoleCapabilities = 'MyRole' } } 

4. Registering the JEA Endpoint

Deploy the configuration:

Register-PSSessionConfiguration -Name 'JEASession' -Path .\JEASession.pssc -Force 

5. Testing JEA

Connect to the restricted session:

Enter-PSSession -ComputerName Localhost -ConfigurationName JEASession -Credential (Get-Credential) 

6. Auditing JEA Sessions

Enable PowerShell logging:

 Group Policy: 
 Computer Configuration → Administrative Templates → Windows Components → Windows PowerShell → Turn on Module Logging 

7. Linux Equivalent: Sudoers File

For Linux admins, restrict sudo access:

visudo 

Add restrictions:

helpdesk ALL=(root) /usr/bin/systemctl restart apache2, /usr/bin/systemctl status apache2 

8. Revoking JEA Access

Remove a JEA endpoint:

Unregister-PSSessionConfiguration -Name 'JEASession' -Force 

What Undercode Say

JEA is a game-changer for securing administrative tasks in PowerShell. By enforcing least privilege, organizations reduce lateral movement risks. Linux admins can achieve similar security with `sudo` restrictions.

Expected Output:

  • Restricted PowerShell sessions with only permitted commands.
  • Reduced attack surface from over-privileged accounts.

Prediction:

As cloud and hybrid environments grow, JEA-like frameworks will become standard for DevOps and IT teams, integrating with CI/CD pipelines for automated privilege management.

Reference:

Security and Just Enough Administration – MyITForum

References:

Reported By: Beingageek Justenoughadministration – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram