In the previous chapter, I explained how JEA can work in an infrastructure to secure the privileges associated with domain accounts. In a nutshell, we can create JEA endpoints and assign them to roles. Users do not need to have permissions such as domain admin or enterprise admin to run these. Users can use these endpoints with their regular AD user accounts. However, in the backend JEA, commands are executed using a JEA local administrator account. These login details need not be known by end users, and their passwords are reset on a daily basis--automatically.

As promised in the previous chapter, let's look at how to get JEA installed and configured.

In order to install JEA, first log in to the server from a user that has local administrator privileges, and open PowerShell:

Install-Module xJEA

The following screenshot show output for the preceding command:

Once it is installed, we can confirm it using the following:

Find-Module –Name xJEA

The following screenshot show output for the preceding command: