Understanding the Multiple Layers of Privileged Access in Windows

Webinar Registration

The term “privileged access" in Windows is open to interpretation.  Are you simply talking about membership in the local Administrators group?  If so, you need to think about local accounts and if the system is joined to AD then domain accounts.  If it’s an Entra-joined Windows 11 box or an Azure VM then there’s Entra accounts that could be admins. 

But privileged access goes way beyond the Administrators group.  There are a number of admin-equivalent user rights such as “Act as part of the operating system”. 

And again, if the system is part of an AD domain, then anyone with certain group policy related permissions on the OU branch of the computer account has indirect but definite privileged access.  Likewise for systems managed by Intune.  If the system is a VM then it depends on the particular hypervisor or cloud environment.  Azure for instance provides multiple routes of privileged access into VMs based on resource group permissions.

Windows itself has multiple connection points for privileged accounts including RDP, shared folders, WinRM, RPC, etc.  Do you disable these individually or rely on Windows firewall or an external firewall?

Bottom line is there are many vectors to privileged access in Windows, and it can be confusing because so much of this functionality has accreted over time with the progression of IT eras that Windows has lived through. 

In this real training for free session, I will try to give you a comprehensive view of privileged access in Windows covering all these areas and more.  Then I will focus on key choke points that if you understand and properly control will give you confidence that privileged access to your Windows systems is truly locked down to who should actually have it.

But should anyone really have privileged access all the time?  Martin Cannard is joining me from Netwrix and will briefly show you how JIT PAM and Activity orchestration can not only give your users the specific access they need at the point of time that they need it, but how the same approach applies equally to removing attack surfaces posed by ever present Windows services.

This will be a technical deep dive into Windows privileged access both in on-prem and cloud environments.  Register now.

First Name:   
Last Name:   
Work Email:  
Phone:  
Organization:  
Country:    
City:  
State:  
Zip/Postal Code:  
Company Size:
Job Title:
Industry:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.

 

 

Additional Resources