Check: WINUR-000019-DC
Win2k3 Audit:
WINUR-000019-DC
(in version v6 r1.29)
Title
The Deny log on as a service user right will be configured to include no one (blank). (Cat II impact)
Discussion
Inappropriate granting of user rights can provide system, administrative, and other high level capabilities. The "Deny log on as a service" right defines accounts that are denied log on as a service. Incorrect configurations could prevent services from starting and result in a DoS.
Check Content
Fix Text
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> "Deny log on as a service" to include no entries (blank).
Additional Identifiers
Rule ID: SV-47122r1_rule
Vulnerability ID: V-26484
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |