Support 'sudoers' functionality #36
Comments
alainassaf
added
Issue-Feature
|
I agree with this. |
|
This should be a topic for Windows Security Groups. Even computers outside domains have Security Policy, Local Policy, and Security Groups. So if all these (and similar) usage cases were to be implemented in the current framework it would already be an improvement. This includes pretty standard issue of giving non-privileged user a right to run just a single application "as Admin". |
|
The logic is already there with JEA, but this could be a much simpler wrapper for it. |
Not so sure about it. From JEA requirements: As this would be local sudo, you wouldn't go through PS remote, and thus what seems as main requirement would be unavailable. If they can make it work locally IDK. |
joadoumie
removed
the
Needs-Triage
Description of the new feature / enhancement
The current granularity available with UAC, group policy, and NTFS permissions is lacking compared to utilizing a 'sudoers' file as supported in Linux implementations of sudo. It would be very useful for win admins to utilize 'sudoers' to further control permissions on a windows system and not grant administrative access to perform certain actions.
My perspective is more on the server side of things, but it could be useful for workstations and systems that don't have or use Active Directory.
Scenario when this would be used?
In an IT organization with multiple tiers of admins, there's a need to prevent certain admins from having Full administrative access.
These 3 different teams currently have full admin access to a server. This can isolated with restricted groups in AD, but that still grants full administrative access to a system that a server operations or software admin team don't necessarily need.
Incorporating 'sudoers' allows granting certain folder and executable permissions to certain groups, users, or service accounts.
Supporting information
The text was updated successfully, but these errors were encountered: