Information
Restrict the User-ID service account from interactively logging on to systems in the Active Directory domain.
If the User-ID service account is compromised, restricting interactive logins prevents the attacker from using services such as RDP against computers in the organization's Active Directory domain. This reduces the impact of a User-ID service account compromise.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Navigate to Active Directory Group Policies.
Set Group Policies to restrict the interactive logon privilege for the User-ID service account.
Navigate to Active Directory Managed Service Accounts.
Set Managed Service Accounts to restrict the interactive logon privilege for the User-ID service account.
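
One way to confirm the result on a domain member once Group Policy has refreshed, as an added example that is not part of the benchmark text. It assumes the restriction is implemented with the "Deny log on locally" and "Deny log on through Remote Desktop Services" user rights, and `EXAMPLE\svc-userid` is a placeholder account name.

```powershell
# Added example. Run from an elevated prompt on a domain-joined host.
param([string]$Account = 'EXAMPLE\svc-userid')  # placeholder account name (assumption)

# User rights that block console logon and RDP logon, respectively.
$denyRights = 'SeDenyInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'

# secedit writes most principals as *<SID>, so resolve the account to its SID.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
$samName = ($Account -split '\\')[-1]

# Export the host's current user-rights assignments to a temporary INF file.
$inf = Join-Path $env:TEMP ('userrights-{0}.inf' -f [guid]::NewGuid())
secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

try {
    $lines = Get-Content -Path $inf
} finally {
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
}

$results = foreach ($right in $denyRights) {
    # A right that is not configured has no line at all in the export.
    $line = $lines | Where-Object { $_ -match "^\s*$right\s*=" } | Select-Object -First 1
    $members = @()
    if ($line) {
        $members = ($line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
    [pscustomobject]@{
        Right   = $right
        Account = $Account
        # Direct match only: a deny applied through a group lists the group's SID instead.
        Denied  = ($members -contains $sid) -or ($members -contains $samName) -or
                  ($members -contains $Account)
        Members = $members -join ', '
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code when either deny right does not list the account.
if ($results.Denied -contains $false) { exit 1 }
```

If the deny rights are assigned to a group that contains the service account, the `Denied` column reads `False`; compare the `Members` column against the account's group SIDs in that case.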