Options

Disabling interactive logon for service accounts

ankurj.hazarikaankurj.hazarika Member Posts: 56 ■■□□□□□□□□
in MCTS / MCITP on Windows 2008 General
Team,


Why is it important to disable interactive logons for service accounts in a windows environment? Please help me understand.


Thanks.
Ankur
· Share on FacebookShare on Twitter

Comments

  • Options
    iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    So that someone with the service account credentials cannot use it to log into the desktop environment on a system as the service account user with escalated privileges.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
    · Share on FacebookShare on Twitter
  • Options
    LexluetharLexluethar Member Posts: 516
    Bingo - you don't want someone to go behind the scenes and log into a server with a service account. If they could log in with the service account there would be no way of knowing exactly who actually made server changes.

    Same concept as changing the default admin password and storing it away so no one logs in using it.
    · Share on FacebookShare on Twitter
  • Options
    gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    Probably won't help against hackers, just a measure for preventing IT personnel from using these accounts to log on and do regular stuff.
    · Share on FacebookShare on Twitter
  • Options
    TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    It's a method of hardening the system. Accounts should only be used for the reason they were created for, as such any rights that are not needed should be removed.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.