How to configure services to run more securely on Windows

The security exposure of services originates in how organizations have deployed them in their environment. Services, like user accounts, require a means of authentication to use system or network resources. This document should help administrators reduce the effect of a compromised service on a local host. Services that run with local admin or domain admin privileges should be considered to carry the highest risk, so there must be a proper mechanism in place to monitor the activity associated with these service accounts.
 
Start with step 1 and move down to the first level at which your service runs without any issue.

Step 1: Configure the service to run as LocalService
            If the test passes, configure the service to use this account. If it fails, go to step 2.

Step 2: Configure the service to run as NetworkService
            If the test passes, configure the service to use this account. If it fails, go to step 3.

Step 3: Configure the service to run as Local User
            Grant the “Log on as a service” user right
            If the test passes, configure the service to use this account. If it fails, go to step 4.

Step 4: Configure the service to run as LocalSystem
            Trust host as high security server
            If the test passes, configure the service to use this account. If it fails, go to step 5.

Step 5: Configure the service to run as Domain User
            Trust host as high security server
            If the test passes, configure the service to use this account. If it fails, go to step 6.

Step 6: Configure the service to run as Local Admin
            Trust host as high security server
            If the test passes, configure the service to use this account. If it fails, check with the vendor for a fix. If it still fails, go to step 7.

Step 7: Configure the service to run as Domain Admins
            Trust host as high security server
            If the test passes, configure the service to use this account. If it fails, check for a vendor fix.
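
To see where the services on a host already sit on this ladder, the following added example (not part of the original post) maps each service's logon account to a step number and lists the services at step 4 or higher, which are the ones to review and monitor first. The function name `Get-ServiceAccountStep` is hypothetical, and Domain Admins membership (step 7) is not resolved because that needs a directory query, so such accounts are reported as step 5 or 6.

```powershell
# Added example: rank each service's logon account on the seven-step ladder above.
# Read-only. Run in an elevated Windows PowerShell 5.1 (or later) session.
function Get-ServiceAccountStep {   # hypothetical helper name
    param(
        [string]$StartName,                       # Win32_Service.StartName
        [string[]]$LocalAdmins = @(),             # direct members of local Administrators
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Services with no logon account and per-service virtual accounts
    # (NT SERVICE\name) are not on the ladder; report them as step 0.
    if ([string]::IsNullOrEmpty($StartName) -or $StartName -like 'NT SERVICE\*') { return 0 }

    switch -Regex ($StartName) {                  # matching is case-insensitive
        '^(NT AUTHORITY\\)?Local ?Service$'       { return 1 }
        '^(NT AUTHORITY\\)?Network ?Service$'     { return 2 }
        '^(NT AUTHORITY\\)?(LocalSystem|SYSTEM)$' { return 4 }
    }

    # Normalise ".\user" to "COMPUTER\user" so it compares with group member names.
    $account = $StartName -replace '^\.\\', ($ComputerName + '\')

    # Only direct membership is checked; nested groups are not expanded and
    # user@domain (UPN) names will not match the DOMAIN\user member names.
    if ($LocalAdmins -contains $account) { return 6 }
    if ($account -like ($ComputerName + '\*')) { return 3 }
    return 5                                      # any other account is treated as a domain user
}

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup also works on non-English installations.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Name)

Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, State, StartName,
        @{ Name = 'Step'
           Expression = { Get-ServiceAccountStep -StartName $_.StartName -LocalAdmins $admins } } |
    Where-Object { $_.Step -ge 4 } |
    Sort-Object -Property Step, Name -Descending
```

Services reported at step 5 or 6 are the ones worth retesting from step 1, since their accounts carry credentials that are valid beyond the single service.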
