Skill

implementing-privileged-access-workstation

Designs and implements Privileged Access Workstations (PAWs) with hardening, JIT access, Intune/GPO compliance, and CyberArk/BeyondTrust integration for secure admin tasks.

Python

security

authentication

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

A Privileged Access Workstation (PAW) is a hardened device dedicated to performing sensitive administrative tasks. This skill covers PAW design using the tiered administration model, device compliance enforcement via Microsoft Intune or Group Policy, just-in-time (JIT) access provisioning, and integration with privileged access management (PAM) platforms like CyberArk and BeyondTrust.

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Implementing Privileged Access Workstation

Overview

When to Use

When deploying or configuring implementing privileged access workstation capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

Windows 10/11 Enterprise with Virtualization Based Security (VBS)
Microsoft Intune or Active Directory Group Policy
CyberArk Privileged Access Security or BeyondTrust Password Safe (optional)
Python 3.9+ with requests, subprocess, json
Administrative access to target endpoints

Steps

Audit current privileged access patterns and identify Tier 0/1/2 assets
Configure device hardening baselines (AppLocker, Credential Guard, Device Guard)
Enforce compliance policies via Intune or GPO
Implement just-in-time access with time-limited admin group membership
Integrate with CyberArk/BeyondTrust for credential vaulting
Validate PAW configuration against CIS and Microsoft PAW guidance
Monitor privileged sessions and generate compliance reports

Expected Output

JSON report listing device compliance status, hardening checks, JIT access windows, and PAM integration verification
Risk scoring per workstation with remediation recommendations