implementing-privileged-access-workstation

Solid

Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration with CyberArk or BeyondTrust for secure administrative operations.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
89
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Implementing Privileged Access Workstation ## Overview A Privileged Access Workstation (PAW) is a hardened device dedicated to performing sensitive administrative tasks. This skill covers PAW design using the tiered administration model, device compliance enforcement via Microsoft Intune or Group Policy, just-in-time (JIT) access provisioning, and integration with privileged access management (PAM) platforms like CyberArk and BeyondTrust. ## When to Use - When deploying or configuring implementing privileged access workstation capabilities in your environment - When establishing security controls aligned to compliance requirements - When building or improving security architecture for this domain - When conducting security assessments that require this implementation ## Prerequisites - Windows 10/11 Enterprise with Virtualization Based Security (VBS) - Microsoft Intune or Active Directory Group Policy - CyberArk Privileged Access Security or BeyondTrust Password Safe (optional) - Python 3.9+ with `requests`, `subprocess`, `json` - Administrative access to target endpoints ## Steps 1. Audit current privileged access patterns and identify Tier 0/1/2 assets 2. Configure device hardening baselines (AppLocker, Credential Guard, Device Guard) 3. Enforce compliance policies via Intune or GPO 4. Implement just-in-time access with time-limited admin group membership 5. Integrate with CyberArk/BeyondTrust for credential vaulting 6. Validate PAW configuration against CIS and ...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-privileged-access-management-with-cyberark

Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enterprise infrastructure. This skill covers vault architecture, session isolation, c

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

implementing-privileged-session-monitoring

Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing on CyberArk Privileged Session Manager (PSM) and open-source alternatives. Covers session recording configuration, keystroke logging, real-time monitoring, risk-based session analysis, and compliance audit trail generation. Activates for requests involving privileged session recording, PAM session monitoring, CyberArk PSM configuration, administrator activity monitoring, or compliance session auditing.

12,642 Updated today
mukul975
API & Backend Solid

implementing-pam-for-database-access

Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia

12,642 Updated today
mukul975
AI & Automation Featured

implementing-just-in-time-access-provisioning

Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo

12,642 Updated today
mukul975
AI & Automation Featured

performing-privileged-account-access-review

Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.

12,642 Updated today
mukul975