CCE-2792-0Platform: cpe:/o:microsoft:windows_xp | Date: (C)2012-03-13 (M)2023-07-04 |
This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies.Note: This security setting does not apply to the System, Local Service, or Network Service accounts.
Countermeasure:
We recommend that you not assign the Deny log on as a service user right to any accounts, which is the default configuration. Organizations that are extremely concerned about security may wish to assign this user right to groups and accounts that they are certain will never need to log on as a service.
Potential Impact:
If you assign the Deny log on as a service user right to specific accounts, services may not be able to start and a DoS condition could result.
Parameter:
[list_of_users_followed_by_comma]
Technical Mechanism:
(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Deny log on as a service
(2) REG: ###
(3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeDenyServiceLogonRight' and precedence=1
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.8 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:gov.nist.usgcb.xp:def:677 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v6.0 |
Jericho Forum | Jericho Forum |
HIPAA/HITECH Act | HIPAA/HITECH Act |
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- |
ISO/IEC 27001-2005 | ISO/IEC 27001-2005 |
COBIT 4.1 | COBIT 4.1 |
GAPP (Aug 2009) | GAPP (Aug 2009) |
NERC CIP | NERC CIP |
NIST SP800-53 R3 | NIST SP800-53 R3 AC-3 |
NIST SP800-53 R3 | NIST SP800-53 R3 CM-6 |
PCIDSS v2.0 | PCIDSS v2.0 |
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- |
BITS Shared Assessments AUP v5.0 | BITS Shared Assessments AUP v5.0 |