On the corporate TFC Active Directory, remove TFC\jingalls from TFC\TFCAdmins. We will now walk through how the end user, Jeff Ingalls, will use the PAM PowerShell cmdlets to request access into the TFCAdmins group and access the TOPSECRET folder.
Log in as TFC\jingalls to the workstation TFCWIN10, which is joined to the TFC domain, and verify that the TOPSECRET folder containing Salaries.txt cannot be accessed.
Next, run the following command:
runas /user:[email protected] powershell
Enter the password for the priv.jingalls account: Pass@word1.
A new window will open. In this new window, enter the following commands:
Import-Module MIMPAM
Get-PAMRoleForRequest
You should see all the roles that Jeff can request. In this case, it's just one: TFCAdmins.
Now, enter the following commands:
$r = Get-PAMRoleForRequest | ? { $_.DisplayName -eq "TFCAdmins" }
New-PAMRequest -role $r
We will close the window and launch a new PowerShell window using the following...