+ Reply to Thread
Results 1 to 5 of 5
  1. Member ankurj.hazarika's Avatar
    Join Date
    Feb 2015
    Location
    Hyderabad, India
    Posts
    56

    Certifications
    Security+ SYO-401, ITIL v3, EXIN CC Foundation
    #1

    Default Disabling interactive logon for service accounts

    Team,


    Why is it important to disable interactive logons for service accounts in a windows environment? Please help me understand.


    Thanks.
    Ankur
    Reply With Quote Quote  

  2. SS -->
  3. Reticulating splines... iBrokeIT's Avatar
    Join Date
    Jul 2013
    Location
    Twin Cities, MN
    Posts
    1,044

    Certifications
    GCIH, GSEC, VCAP5-DCA, VCP5-DCV, MCITP:EA, MCSA 2003/08
    #2
    So that someone with the service account credentials cannot use it to log into the desktop environment on a system as the service account user with escalated privileges.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Mar 2013
    Location
    Midwest
    Posts
    512

    Certifications
    MCSA Server 2008, VCP 5 DCV, CompTIA A+, Net+, 70-640, 70-642, 70-620, 70-646
    #3
    Bingo - you don't want someone to go behind the scenes and log into a server with a service account. If they could log in with the service account there would be no way of knowing exactly who actually made server changes.

    Same concept as changing the default admin password and storing it away so no one logs in using it.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    950

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #4
    Probably won't help against hackers, just a measure for preventing IT personnel from using these accounts to log on and do regular stuff.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #5
    It's a method of hardening the system. Accounts should only be used for the reason they were created for, as such any rights that are not needed should be removed.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks