WinSecWiki
Windows Security Settings
Articles
WinSecWiki
»
Windows Security Settings
»
Local Policies
»
User Rights Assignment
»
User Rights In-Depth
»
Deny logon as a service
Deny logon as a service
Deny logon as a service
AKA: SeDenyServiceLogonRight, Deny logon as a service
Default assignment: None
This is the opposite of
Log on as a service
and any user with both rights will be denied service logons.
See discussion of logon rights.
This right would be useful for explicitly denying users the ability to run services under their personal account. Running services under an admin/operator’s personal account is bad practice since the service will fail if and when the person leaves the organization and their account is disabled or deleted or if the account is locked out due to repeated password failures. In addition, the user must remember to edit all services when he changes his password.
User Comments
by
Phil
added Tuesday, June 21, 2011
Is it possible to not allow a system and/or service account to login to windows. For forensics purposes, want to force the would-be rouge employee to login with their own user account in order to try and use the system and/or service account to committ a fraudulent act.
Helpful?
Yes
No
by
RandyFranklinSmith...
added Wednesday, June 22, 2011
Yes, but not with this right. Best practice is to not grant, or specifically deny, service accounts from having the 3 logon rights that can be used by humans:
- access this computer from the network
- logon locally
- logon through remote desktop / terminal services
Now even if you have the password of the service account you can't logon with it.
See http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Logon-rights
Helpful?
Yes
No
Add Your Comments
Name:
*
Email Address:
Web Address:
Verification Code:
*
Details
Article not rated yet.
Article has been viewed 1,301 times.
Options
Bookmark Article
Social Bookmarks
Comments RSS
Upcoming Webinars
Additional Resources
Security Log Quick Reference Chart
Security Log Resource Kit
Learn about the SharePoint Audit Log
Patch Tuesday Analysis
Workstation Configuration Management
Home
>
Windows
>
WinSecWiki
User name:
Password:
/
Forgot?
Register
Home