Do you know what really ticks me off? Stuff that doesn’t work as expected. Exactly that happened to me today while I revisited configuring a “Privileged Access Workstation” (PAW). Now a PAW is used to safeguard highly privileged credentials in a domain or cloud environment. In essence it’s a workstation used solely for admin work, all infrastructure management is done from this machine. While talking about configuring a PAW is beyond the scope of this blog post, I do need to point out that “Domain Admins” and equivalent groups should never ever have local admin rights on a PAW, they should be regular users, reducing the risk of credential theft and the obvious malware infection that usually follows.
Continue reading