On the corporate TFC Active Directory, remove TFC\jingalls from TFC\TFCAdmins. We will now walk through how the end user, Jeff Ingalls, will use the PAM PowerShell cmdlets to request access into the TFCAdmins group and access the TOPSECRET folder.

Log in as TFC\jingalls to the workstation TFCWIN10, which is joined to the TFC domain, and verify that the TOPSECRET folder containing Salaries.txt cannot be accessed:

Next, run the following command:

runas /user:priv.jingalls@priv.thefinancialcompany.net powershell

Enter the password for the priv.jingalls account: Pass@word1.

A new window will open. In this new window, enter the following ...