1 of 8

WEBJEA

A portal to self-service administration

2 of 8

Credit where credit is due

WebJEA is wholly built by Mark Domansky.

https://github.com/markdomansky/WebJEA

YouTube:

WebJEA: PowerShell driven Web Forms for Secure Self-Service by Mark Domansky

3 of 8

What it isn’t

  • WebJEA != JEA
  • Similar in that a specialized account is standing in for the users normal credentials/rights
  • No role capability or session capability files
  • Users don’t need to know Enter-PSSession
  • Users don’t need to learn PoSh cmdlets to do work

4 of 8

What problems does it solve?

  • Needed a method to provide self-service to users who don’t have the rights to perform a task
  • Need that method to:
    • Be easy to use by folks who don’t understand the work being done under the covers
    • Restrict what tasks users can see and perform
    • Audit use of the service
  • Helps us dip a toe into the pool of using actual JEA

5 of 8

Examples of use

  • Prestage computers in AD
  • Add users to VPN group
  • Add users to Splunk roles
  • AD user group search
  • Search GPOs for keyword
  • SCCM software promotion
  • Simple reporting

6 of 8

Pluses

  • Easy form fills for automating tasks
  • Refreshes instantly after changes, no service restarts required
    • Also a minus, if you refresh a page with information in the form, it will try to re-run.
  • Allows for delegation of simple tasks

7 of 8

Minuses

  • Can’t prompt for credentials (Get-Credential no worky)
  • No output until script is done
    • You either get success or fail messages when completed
    • Write-Progress, Write-Output, Write-Host not supported

8 of 8

Considerations

  • WebJEA can and should be run using a GSMA
  • Requires minor formatting changes for script to be read into form correctly
  • Creates tasks list alphabetically, based on the DisplayName, requiring some massaging of the json config file