Privileged Access Workstations
Purpose
Privileged Access Workstations reduce the risk of credential theft by separating administrative work from normal browsing and daily tasks.
Lab approach
HQ-MGMT01 acts as the first management workstation.
Rules
- Do not use Tier 0 accounts on normal workstations.
- Do not browse unrelated Internet sites from admin sessions.
- Do not install unnecessary software on management systems.
- Use separate accounts for daily and administrative work.
- Restrict access to management tools.
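
One way to check the first rule is to review logon records for Tier 0 accounts that appear on any host other than the management workstation. The PowerShell below is an added example, not part of the lab's own tooling. The account names, the `LAB` domain, `lab.example` and `HQ-WS01` are constructed placeholders, and the sample records stand in for Security log logon events (event ID 4624).

```powershell
# Added example. Account names, the LAB domain and HQ-WS01 are constructed
# placeholders; HQ-MGMT01 is the management workstation named on this page.
function Find-Tier0LogonViolation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $LogonEvent,
        [Parameter(Mandatory)] [string[]] $Tier0Account,
        [Parameter(Mandatory)] [string[]] $AllowedHost
    )
    foreach ($e in $LogonEvent) {
        # Reduce DOMAIN\user and host.domain forms to short names before comparing.
        $user     = ($e.TargetUserName -split '\\')[-1]
        $computer = ($e.Computer -split '\.')[0]
        # -contains and -notcontains compare strings case-insensitively.
        if ($Tier0Account -contains $user -and $AllowedHost -notcontains $computer) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Account     = $user
                Computer    = $computer
                LogonType   = $e.LogonType
            }
        }
    }
}

# Constructed sample records (LogonType 2 = interactive, 10 = remote interactive).
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:00:00'
        Computer = 'HQ-MGMT01.lab.example'; TargetUserName = 'LAB\t0-admin'; LogonType = 2 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:30:00'
        Computer = 'HQ-WS01.lab.example'; TargetUserName = 'LAB\T0-Admin'; LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:45:00'
        Computer = 'HQ-WS01.lab.example'; TargetUserName = 'LAB\jdoe'; LogonType = 2 }
)

# Only the Tier 0 logon on HQ-WS01 is reported as a violation.
Find-Tier0LogonViolation -LogonEvent $sample -Tier0Account 't0-admin' -AllowedHost 'HQ-MGMT01' |
    Format-Table -AutoSize
```

When HQ-PAW01 is introduced for Tier 0 administration, pass it as the `-AllowedHost` value in place of HQ-MGMT01.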
Future maturity
Later phases may introduce separate systems:
| System | Purpose |
|---|---|
| HQ-MGMT01 | General administration |
| HQ-PAW01 | Tier 0 privileged administration |
| HQ-WAC01 | Windows Admin Center gateway |