I'm setting up a new forest and need some advice on the best ways for techs to access Active Directory, Group Policy Objects, and DNS. I've heard about Windows Admin Center, but it seems pretty slow. With around 100 users and about 25 servers, I'm looking for a secure management solution. Previously, we used to remote directly into the domain controller, but I want to move towards a more secure approach. Do people typically use a jump-host for this? What setups are common?
2 Answers
Yeah, starting fresh is a perfect way to go! For the jump host, I’d recommend using a server OS instead of Windows 11 for better performance and stability. Your plan to disable RDP and use RMM behind MFA sounds solid. In terms of file server management, consider using secure file shares or a remote management tool instead of logging in directly.
What I find works best is having a dedicated jump host or admin VM that's domain-joined and well-secured. We use RSAT and MMC for our daily tasks, like managing Active Directory and DNS, but we don’t log into the domain controllers except in emergencies. Windows Admin Center can be used for specific tasks like patching, but I wouldn't rely on it for heavy admin work. For your setup, a single admin jump box with multi-factor authentication is simple and scales nicely. It’s a good time to implement this since you're rebuilding the forest; it’ll be tougher to integrate later.
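One way to set up and check the jump-host model described in the answers, as an added example that is not part of either answer: it installs the RSAT consoles on a Windows Server jump host, then lists RDP logons on each domain controller that did not come from the jump host. The address `10.0.10.5` and the 7-day window are constructed values, and the script assumes it runs elevated on the jump host with an account that can read the DCs' Security logs remotely.

```powershell
# Constructed values for illustration; replace with your own.
$JumpHostIPs = @('10.0.10.5')   # hypothetical jump host address(es)
$Days        = 7                # how far back to look

# 1. Install the AD, DNS and Group Policy management tools on the jump host
#    (Windows Server feature names; safe to re-run).
Install-WindowsFeature -Name RSAT-AD-Tools, RSAT-DNS-Server, GPMC

# 2. Query every DC for successful logons (event 4624) in the window.
Import-Module ActiveDirectory
$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddDays(-$Days)
}

$findings = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    # SilentlyContinue suppresses the "no events found" error; it also hides
    # connection failures, so confirm each DC is reachable separately.
    Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named EventData fields into a hashtable.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # LogonType 10 = RemoteInteractive (RDP). Report any that did
            # not originate from the jump host.
            if ($data['LogonType'] -eq '10' -and $data['IpAddress'] -notin $JumpHostIPs) {
                [pscustomobject]@{
                    DC      = $dc
                    Time    = $_.TimeCreated
                    Account = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                    Source  = $data['IpAddress']
                }
            }
        }
}

# An empty result means no direct RDP logons to the DCs were recorded.
$findings | Sort-Object Time | Format-Table -AutoSize
```

Run it on a schedule after the cut-over; any row that is not a documented emergency logon points to an admin workflow that still bypasses the jump host.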
