06-03-2022 08:50 AM
[Rome]
I have set up JEA discovery in a limited test environment and successfully discovered 3 VMware VMs. So I have the basics figured out.
Now I have to think about deploying at larger scale, and I have questions.
1. I understand that the MID server for JEA is configured with WinRM protocol - but can it still discover Windows servers that don't have JEA configuration files and certificate as long as WinRM is enabled and a valid admin-level credential exists?
2. I'm using JEAv2 that uses a certificate to verify the MID server as the sending source of the commands. With Rome+ versions, am I able to revert to JEA(v1), get rid of the certificate and init.ps1 file, and instead provide a list of allowed cmdlets/functions? Or is this capability deprecated?
3. Do the MID server and the target server have to be in the SAME domain? Or are my domain trusts still valid?
Thank you
06-29-2022 02:37 PM
I have answers:
1. I understand that the MID server for JEA is configured with WinRM protocol - but can it still discover Windows servers that don't have JEA configuration files and certificate as long as WinRM is enabled and a valid admin-level credential exists?
NO - once the MID server is configured to look for a JEA endpoint, it will not discover servers without a JEA endpoint.
2. I'm using JEAv2 that uses a certificate to verify the MID server as the sending source of the commands. With Rome+ versions, am I able to revert to JEA(v1), get rid of the certificate and init.ps1 file, and instead provide a list of allowed cmdlets/functions? Or is this capability deprecated?
NO - with Rome+ versions, "JEAv2" is required, and the ability to specify allowed commands is removed. Note "JEAv2" is a ServiceNow invention built on top of Microsoft JEA.
3. Do the MID server and the target server have to be in the SAME domain?
NO