Skip to content Skip to site navigation

How to Use a Privileged Access Workstation (PAW)

Safe actions

Use a Privileged Access Workstation (PAW) for the following actions:

Action Notes and Cautions
Isolated use of admin credentials to ensure their integrity Only type your admin credentials into the PAW; never use them on any other system.
Reduce and try to eliminate logging into servers through Remote Desktop Protocol (RDP) and the console with your admin credentials.
Remote assistance/screen sharing to allow you to work with vendors and remote support assistant Use the installed web browser and standalone BlueJeans and WebEx clients. Never allow remote control of mouse or keyboard.
Managing physical server hardware with Dell Remote Access Use the installed web browser and Dell plugin (ActiveX for Windows systems).
Remote administration of servers to allow remote server management tasks Whenever possible, use management techniques that do not place your credentials on the remote server.
For Windows servers:
  • Use Microsoft management consoles on the PAW and connect to remote resources when possible.
  • Use remote PowerShell to manage systems (Enter-PSSession).
For Linux servers:
  • Use Kerberos authentication when possible. Kerberos For Windows is available, and SecureCRT/ SecureFX can use GSSAPI authentication.

Unsafe actions

Do not use a PAW for the following actions:

Action Notes and Cautions
Using email or webmail Phishing attacks via email can allow a trusted machine to follow links, download files, or execute files.
Browsing the web Only use the web browser to manage servers and applications, not for general web browsing.
Allowing remote control Remote control systems such as LogMeIn allow remote entities to access the system.
Last modified January 9, 2017