Hey everyone, I'm looking for advice on how to manage non-domain Windows servers without needing to create an administrative service account. My team has been using Ivanti Security Controls in agentless mode, which allowed us to push software and execute commands remotely on multiple servers simultaneously. However, due to security concerns, we've switched to agent mode, which has restricted our ability to manage software installations and execute commands remotely.
For our domain servers, we utilize Group Policy Objects (GPOs), but we're stuck when it comes to non-domain servers. Given that the discussion is specifically about DMZ servers, they cannot be connected to our domain for security reasons. Does anyone know of a reliable software solution that would enable us to manage these non-domain servers efficiently and securely?
2 Answers
This seems like a job for a Mobile Device Management (MDM) solution or Microsoft Intune, which might help with the constraints you have. Just remember that DMZ specifications can complicate matters, so make sure to verify compatibility.
One option is to create a local administrator account on the servers and rotate the passwords frequently for security. However, I would recommend re-evaluating your architecture to see if you can bring everything under the domain, which could simplify management.
That's a good point, but DMZ servers often have strict security protocols that prevent joining a domain.
Definitely consider the constraints of DMZ servers because that can limit your options for MDM solutions.