| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-220970 | CAT II | MONT-WS-92040 | Microsoft Windows 10 Security Technical ... | The Deny log on as a service user right on Windows... | - | |||
Check TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on as a service" right , this is a finding. Domain Systems Only: Enterprise Admins Group Domain Admins Group Fix TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on as a service" to include the following: Domain Systems Only: Enterprise Admins Group Domain Admins Group Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 853C0CE81C1C24F05FBE2ADC24FBC18BB9DC2A41 ~~~~~ Deny log on as a service: No objects assigned to this right.
Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Win10_V3R4_20251023-142421.ckl
Scan Date: 2026-01-14T12:57:26.690022
Technology Area: Windows Operating System
|
||||||||
| V-220970 | CAT II | MONT-WS-92010 | Microsoft Windows 10 Security Technical ... | The Deny log on as a service user right on Windows... | - | |||
Check TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on as a service" right , this is a finding. Domain Systems Only: Enterprise Admins Group Domain Admins Group Fix TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on as a service" to include the following: Domain Systems Only: Enterprise Admins Group Domain Admins Group Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 853C0CE81C1C24F05FBE2ADC24FBC18BB9DC2A41 ~~~~~ Deny log on as a service: No objects assigned to this right.
Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_Win10_V3R4_20251023-141133.ckl
Scan Date: 2026-01-14T12:57:28.689048
Technology Area: Windows Operating System
|
||||||||
| V-220970 | CAT II | MONT-SW-89108 | Microsoft Windows 10 Security Technical ... | The Deny log on as a service user right on Windows... | - | |||
Check TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on as a service" right , this is a finding. Domain Systems Only: Enterprise Admins Group Domain Admins Group Fix TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on as a service" to include the following: Domain Systems Only: Enterprise Admins Group Domain Admins Group Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA.
Source: MONT-SW-89108_Win10_V3R5_20251217-203019.ckl
Scan Date: 2026-03-04T15:25:16.342077
Technology Area: Windows Operating System
|
||||||||
| V-220970 | CAT II | MONT-SW-89134 | Microsoft Windows 10 Security Technical ... | The Deny log on as a service user right on Windows... | - | |||
Check TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on as a service" right , this is a finding. Domain Systems Only: Enterprise Admins Group Domain Admins Group Fix TextThis requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on as a service" to include the following: Domain Systems Only: Enterprise Admins Group Domain Admins Group Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA.
Source: MONT-SW-89134_Win10_V3R5_20251217-201218.ckl
Scan Date: 2026-03-04T15:25:42.339596
Technology Area: Windows Operating System
|
||||||||