I'm looking for some insights on managing servers for our tech team, especially regarding tools like WAC, RSAT, and MMC. I've heard mixed reviews about WAC being slow, but it sounds intriguing. Currently, I'm in the process of setting up a new Active Directory forest and need a secure yet efficient solution for our technicians to access Active Directory, Group Policy Objects, and DNS. We used to log in directly to the Domain Controller, which I know isn't ideal, but we want to switch to a more secure setup as we have around 100 users and about 25 servers. The main Domain Controller will be hosted in Azure for redundancy. Do you recommend using a jump-host for this?
1 Answer
A common setup for these situations is to have a dedicated jump host or admin VM that's domain-joined and properly secured. We use RSAT and MMC for everyday tasks like managing Active Directory, Group Policy, and DNS. It's important to avoid direct logins to the Domain Controllers except in emergencies. WAC can be handy for certain tasks like patching, but it’s not a full replacement for RSAT yet. Given your environment size, having a single admin jump box with multi-factor authentication really simplifies things and scales nicely. If you're already rebuilding your forest, make sure to integrate this jump host setup from the start—it's tough to change later on.

Starting fresh sounds like a solid plan! For your jump host, do you go with a server OS or Windows 11? My crew uses a server OS for better stability. Also, we're planning to disable RDP access and only allow entry through RMM with MFA—that's a good security move. I'm curious about how you manage file servers without remoting into them directly?
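
An added example, not part of the original thread: a PowerShell script that provisions the jump host with only the RSAT tools the answer names (Active Directory, Group Policy, DNS), handling both a server OS and Windows 11. It assumes an elevated session on the jump host and, for the client OS case, access to Windows Update or another Features on Demand source.

```powershell
# Added example: install only the AD DS, Group Policy and DNS management
# tools on a dedicated jump host. Run elevated, on the jump host itself.

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Win32_OperatingSystem.ProductType:
#   1 = workstation, 2 = domain controller, 3 = member server
switch ($os.ProductType) {
    2 {
        # Admin tooling belongs on the jump host, not on the DC.
        throw "This machine is a domain controller; run this on the jump host."
    }
    3 {
        # Windows Server: RSAT components are Windows features.
        $features = 'RSAT-ADDS-Tools', 'RSAT-AD-PowerShell', 'GPMC', 'RSAT-DNS-Server'
        Install-WindowsFeature -Name $features
    }
    1 {
        # Windows 10/11: RSAT components are Features on Demand (capabilities).
        $wanted = '^Rsat\.(ActiveDirectory\.DS-LDS|GroupPolicy\.Management|Dns)\.Tools'
        Get-WindowsCapability -Online -Name 'Rsat.*' |
            Where-Object { $_.Name -match $wanted -and $_.State -ne 'Installed' } |
            ForEach-Object { Add-WindowsCapability -Online -Name $_.Name }
    }
}

# Confirm the management modules are now available locally, so AD, GPO and
# DNS work is done from here against the DC over the network.
Get-Module -ListAvailable -Name ActiveDirectory, GroupPolicy, DnsServer |
    Select-Object -Property Name, Version
```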