Privileged user login restrictions

High

Description

User login credentials are usually exposed in the memory of the computer on which they are used, and malicious software can steal them to impersonate the user. Privileged users who have access to sensitive business data should connect only to safe and trusted computers, to minimize the risk of identity theft. Technical measures can be taken to enforce this rule, and their implementation is verified through this indicator of exposure.

The solution

To make it harder for attackers and malware to steal privileged identities and their associated permissions, privileged users should connect only to trusted computers. Once a tiered (layered) model has been used to identify privileged users and trusted computers, technical measures should be implemented to enforce the logon restrictions on privileged users during daily operations, even when a mistake occurs.
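One way to check such a technical measure, as an added example that is not part of the original page or of the vendor's product: the script parses the [Privilege Rights] section of a security template and reports which of the deny-logon user rights listed under "See also" do not yet cover the privileged groups. The domain SID, the sample template and the function names are constructed for illustration.

```python
import re

# The five deny-logon user rights named on this page.
DENY_RIGHTS = """SeDenyInteractiveLogonRight SeDenyRemoteInteractiveLogonRight
SeDenyNetworkLogonRight SeDenyBatchLogonRight SeDenyServiceLogonRight""".split()

# Constructed sample in the INF format written by `secedit /export`;
# the domain SID S-1-5-21-1111-2222-3333 is a placeholder.
D = "S-1-5-21-1111-2222-3333"
SAMPLE_INF = f"""[Privilege Rights]
SeDenyInteractiveLogonRight = *{D}-512,*{D}-519
SeDenyRemoteInteractiveLogonRight = *{D}-512
SeDenyNetworkLogonRight = *S-1-5-32-546
SeDenyBatchLogonRight =
[Version]
signature="$CHICAGO$"
"""
TIER0 = [f"{D}-512", f"{D}-519"]  # Domain Admins, Enterprise Admins

def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                v.strip().lstrip("*").upper() for v in value.split(",") if v.strip()
            }
    return rights

def missing_denies(inf_text, privileged_sids):
    """Map each deny right to the privileged SIDs it does not cover."""
    rights = parse_privilege_rights(inf_text)
    wanted = {s.upper() for s in privileged_sids}
    gaps = {}
    for right in DENY_RIGHTS:
        absent = sorted(wanted - rights.get(right, set()))
        if absent:
            gaps[right] = absent
    return gaps

if __name__ == "__main__":
    for right, sids in missing_denies(SAMPLE_INF, TIER0).items():
        print(f"{right}: not denied for {', '.join(sids)}")
```

Real exports are normally UTF-16 encoded, so open them with encoding="utf-16" before passing the text in. An empty result means every listed deny right covers every privileged SID supplied.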

See also

User-Workstations deprecation notice

User right: Deny log on as a batch job (SeDenyBatchLogonRight)

User right: Deny log on as a service (SeDenyServiceLogonRight)

User right: Deny log on locally (SeDenyInteractiveLogonRight)

Description of Selective Authentication (introduced in Windows 2003)

How selective authentication affects domain controller behaviors

Allowed-To-Authenticate extended right

User right: Deny log on through Remote Desktop Services (SeDenyRemoteInteractiveLogonRight)

User right: Deny access to this computer from the network (SeDenyNetworkLogonRight)

Detailed information

Name: Privileged user login restrictions

Code name: C-ADMIN-RESTRICT-AUTH

Severity: High

MITRE ATT&CK information:

Tactic: TA0004

Technique: T1078

Known attacker tools

Andrew Robbins (@_wald0), Rohan Vazarkar (@CptJesus), Will Schroeder (@harmj0y): BloodHound

Benjamin Delpy: Mimikatz
