CCE-33731-1Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Log on as a service
This policy setting allows accounts to launch network services or to register a process as a service running on the system. This user right should be restricted on any computer in a high security environment, but because many applications may require this privilege, it should be carefully evaluated and tested before configuring it in an enterprise environment. On Windows Vista?based computers, no users or groups have this privilege by default.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
Parameter:
[list of users followed by comma]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment!Log on as a service
(2) WMI: root
sopcomputer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeServiceLogonRight' and precedence=1
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.5 | Attack Vector: NETWORK |
Exploit Score: 1.6 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:22657 |