Incorporate Process Management in Windows Server

%3CLINGO-SUB%20id%3D%22lingo-sub-1558311%22%20slang%3D%22en-US%22%3EIncorporate%20Process%20Management%20in%20Windows%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1558311%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHello%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThere%20are%20lot%20of%20key%20activities%2C%20e.g.%20AD%2C%20that%20Windows%20Server%20is%20just%20accomplishing%20simply%20because%20the%20user%20account%20has%20the%20privileges%20to%20do%20it.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAFAIK%20no%20other%20controls%20or%20documentation%20tool%20is%20incorporated%20into%20Windows%20Server%20to%20allow%20an%20user%20account%20to%20acomplish%20a%20task%20ONLY%20if%20an%20intended%20process%20was%20successfully%20completed.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20mean%20a%20control%20process%20eschema%20like%20the%20processes%20used%20in%20ERP%20software%2C%20e.g.%20a%20payment%20must%20have%20all%20approvals%20before%20it%20is%20finally%20sent%20for%20payment.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWindows%20Server%20should%20have%20a%20tightly%20integrated%20process%20tool%20to%20provide%20control%20and%20documentation%26nbsp%3B%20on%20activities%20like%20AD%20and%20others%2C%20were%20the%20activity%20is%20allowed%20to%20be%20performed%20ONLY%20if%20all%20aprovers%20defined%20for%20that%20activity%20gave%20their%20authorization.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThis%20is%20not%20for%20a%20burocracy%20increase%20is%20just%20to%20have%20a%20integrated%20method%20into%20Window%20Server%20to%20manage%20key%20activities.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThank%20you%20all%20for%20your%20comments.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EBest%20regard%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EKite%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1558311%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Visitor

Hello,

There are lot of key activities, e.g. AD, that Windows Server is just accomplishing simply because the user account has the privileges to do it.

AFAIK no other controls or documentation tool is incorporated into Windows Server to allow an user account to acomplish a task ONLY if an intended process was successfully completed.

I mean a control process eschema like the processes used in ERP software, e.g. a payment must have all approvals before it is finally sent for payment.

 

Windows Server should have a tightly integrated process tool to provide control and documentation  on activities like AD and others, were the activity is allowed to be performed ONLY if all aprovers defined for that activity gave their authorization.

 

This is not for a burocracy increase is just to have a integrated method into Window Server to manage key activities.

 

Thank you all for your comments.

 

Best regard,

 

Kite

 

 

1 Reply

Hi @Kite2386 

 

I'm not familiar with the processes used in ERP software, but does PAM for ADDS fulfil the requirements for control and documentation for sensitive actions in AD?

 

https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-a...