Windows Server 2022 Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers.

An XCCDF Rule

Details
Profiles

Description

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny log on as a service" user right defines accounts that are denied logon as a service. Incorrect configurations could prevent services from starting and result in a denial of service.

ID: SV-254423r958472_rule
Version: WN22-DC-000390
Severity: Medium
References: CCI-000213
Updated: 6 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> Deny log on as a service to include no entries (blank).

Windows Server 2022 Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers.

Description

Remediation Templates

A Manual Procedure