Back

Disable net logon unless net logon use is absolutely necessary.


CONTROL ID
01820
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization must only enable Net Logon if absolutely necessary. The Net Logon service establishes the Netlogon secure channel with a domain controller. (§ 4.1.11, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
  • Table F-3: For Windows 2000 Professional, the organization must configure the permissions for Net Logon to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. Table F-4: For Windows XP Professional, the organization must configure the permissions for Net Logon to Administ… (Table F-3, Table F-4, CMS Business Partners Systems Security Manual, Rev. 10)
  • For all Windows XP environments, this service is Not Defined. (§ 6.5, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)