Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Windows Server 2016 Security Technical Implementation Guide
SRG-OS-000080-GPOS-00048
The Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers.
The Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers.
An XCCDF Rule
Details
Profiles
Prose
The Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers.
Medium Severity
<VulnDiscussion>Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny log on as a service" user right defines accounts that are denied logon as a service. Incorrect configurations could prevent services from starting and result in a denial of service.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>