Professional Documents
Culture Documents
ADMT Approach: Hermann Maurer, Jan 22 2020
ADMT Approach: Hermann Maurer, Jan 22 2020
1. Objectives
Agenda
gft.com 02/04/2021 2
Shaping the Type here if add
future of digital info needed for
business every slide
Objectives
Main driver
On premise server network protection
Implementation/Security improvements
Consequential separation of user and administrative accounts
Consequential move of system/service management out of the client computer
Strict separation of user and administrative network traffic
Enforcing the 2nd factor (OTP) for admin account authentication
gft.com 02/04/2021 3
Shaping the Type here if add
future of digital info needed for
business every slide
gft.com 02/04/2021 4
Shaping the Type here if add
future of digital info needed for
business every slide
RDP Restrictions
No printers from client computers available
No drive mapping from client computers available
No file exchange between RDP client and ADMT enabled, text can be copied using clipboard, though
Login restrictions
Team members are allowed to login
Domain admins are allowed to login
Members of BE AS/PS and BE SM teams are allowed to login to GIA ADMTs to support
Software maintenance
Automatically in case of SCCM packages
Manually by owners in case of manually installed software
gft.com 02/04/2021 5
Shaping the Type here if add
future of digital info needed for
business every slide
Network access to Terminal Servers is enabled upon user authentication (XXXX) with
2FA and AD group membership
Login to Terminal Servers is enabled upon admin user authentication (a-XXXX) at
RDGW with 2FA and AD group membership
Access from Terminal Servers to destinations in GFT LAN must be enabled explicitly and
is a subject of approval by GISM. Default access policy is “deny access”.
Access from Terminal Servers to destinations on the Internet (based on domain names
or URLs) must be enabled explicitly and is a subject of approval by GISM. Default
access policy is “deny access”.
gft.com 02/04/2021 6
Shaping the Type here if add
future of digital info needed for
business every slide
gft.com 02/04/2021 7
Shaping the Type here if add
future of digital info needed for
business every slide
gft.com 02/04/2021 8
Shaping the Type here if add
future of digital info needed for
business every slide
Emergency access
gft.com 02/04/2021 9
Shaping the future
of digital business
ADMT Approach
GFT Technologies SE
Hermann Maurer
Group IT - Infrastructure Network Manager
Kölner Str. 10
65760 Eschborn
T +49 6196 969-2088
Hermann.Maurer@gft.com