asked on

Tool to allow non-privileged users to carry out limited tasks on servers

We have web servers in our production environment. Sometimes as part of troubleshooting, a web server may need to have the IIS app pool recycled or a particular Windows service restarted. Currently only ops staff can do this because they have full admin rights and can remote into the server.

Is there a tool that we could use to allow other staff to perform these limited functions, without giving them remote desktop access and full admin rights to the web servers?

Kaibuk

Hi
There are probably plenty but one tool I was able to see in action for Desktop/Laptops and can be used for servers is Cyberarc EPM

Kaibuk

Windows server doesn't have yet something direct to control Access Management but you can read through that

https://blog.netwrix.com/2018/08/30/privileged-access-management-in-windows-server/

Maybe the usage of Jump Boxes and disabling direct rdp to servers will suit you but I thing it's overcomplicating the infrastructure. The Benefit do is you dont nee dto pay extra money for 3rd party products.

Search for tool called EPM or Privileage Management here should be plenty out there to test. We are happy with Cyberarc as it can really take out from you over complicated infrastructure and drill down to executables you allow a user to run on a server.

Sean Bravener

powershell is another option. this can be run on remote machines without allowing RDP access to those same machines.

This question needs an answer!

Become an EE member today

7 DAY FREE TRIAL

Members can start a 7-Day Free trial then enjoy unlimited access to the platform.

View membership options

Learn why we charge membership fees

We get it - no one likes a content blocker. Take one extra minute and find out why we block content.