SV-225559r569185_rule
V-225559
SRG-OS-000080-GPOS-00048
WN12-UR-000019-MS
CAT II
10
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> "Deny log on as a service" to include the following for domain-joined systems:
Enterprise Admins Group
Domain Admins Group
Configure the "Deny log on as a service" user right for non-domain-joined systems to include no entries (blank).
Verify the effective setting in Local Group Policy Editor.
Run "gpedit.msc".
Navigate to Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
If the following accounts or groups are not defined for the "Deny log on as a service" user right on domain-joined systems, this is a finding:
Enterprise Admins Group
Domain Admins Group
If any accounts or groups are defined for the "Deny log on as a service" user right on non-domain-joined systems, this is a finding.
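The same check can be scripted instead of read from gpedit.msc. The following is an added example, not part of the STIG text. It assumes an elevated PowerShell session, that the `secedit` USER_RIGHTS export reflects the effective setting, and that the two groups can be recognised by their well-known RIDs (512 for Domain Admins, 519 for Enterprise Admins); the function names are hypothetical.

```powershell
# Added example: audit SeDenyServiceLogonRight ("Deny log on as a service").
function Get-DenyServiceLogonEntries {
    param([string[]]$InfLines)
    # Export line format: SeDenyServiceLogonRight = *S-1-5-...,*S-1-5-...
    $line = $InfLines | Where-Object { $_ -match '^\s*SeDenyServiceLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return @() }   # right absent from the export means no entries
    $value = ($line -split '=', 2)[1]
    @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function ConvertTo-Sid {
    param([string]$Entry)
    # secedit writes resolvable principals as *SID; anything else is an account name.
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    try {
        $acct = New-Object System.Security.Principal.NTAccount($Entry)
        $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $Entry }               # keep unresolved names so they still count as entries
}

function Test-DenyServiceLogon {
    param([string[]]$InfLines, [bool]$DomainJoined)
    $sids = @(Get-DenyServiceLogonEntries $InfLines | ForEach-Object { ConvertTo-Sid $_ })
    if (-not $DomainJoined) {
        # Non-domain-joined systems: any entry at all is a finding.
        if ($sids.Count -eq 0) { return 'Not a finding' }
        return "Finding: entries defined on non-domain-joined system: $($sids -join ', ')"
    }
    # Domain-joined systems: both groups must be present (matched by RID, an assumption).
    $missing = @()
    if (-not ($sids -match '^S-1-5-21-.+-512$')) { $missing += 'Domain Admins' }
    if (-not ($sids -match '^S-1-5-21-.+-519$')) { $missing += 'Enterprise Admins' }
    if ($missing.Count) { return "Finding: missing $($missing -join ', ')" }
    'Not a finding'
}

$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
$lines = Get-Content $cfg
Remove-Item $cfg
$joined = (Get-WmiObject Win32_ComputerSystem).PartOfDomain
Test-DenyServiceLogon -InfLines $lines -DomainJoined $joined
```

RID matching does not confirm which domain a group belongs to, so in a multi-domain forest compare the reported SIDs against the expected domain and forest root SIDs.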
M
4214