Bypassing group policy for "logon as service"

Vadim Rapp 1 Reputation point
2022-01-07T20:18:53.867+00:00

Hi,

I found that it's possible to bypass the group policy-enforced setting "allow log on as service" by specifying the logon for a service in the Services applet, and submitted the following steps to the Microsoft security response team (ticket VULN-060371):

  1. Have a domain group policy with the setting "log on as service" that specifies who can log on as a service
  2. Have this policy applied to this Windows 10 machine
  3. Open Services, and for a service that is currently running as the local system account, change the logon to user X (who is not one of those allowed in GP), and specify the password
  4. Observe the message "User X has been granted "logon as service" privilege"
  5. Open Local Security Policy, navigate to Local Policies / user rights assignment / logon as service - verify that user X is indeed in the list - contrary to GP
  6. However, you can't even remove him now from the list; the buttons are disabled because this is controlled by group policy.

I then received the following response:

Thank you for contacting the Microsoft Security Response Center (MSRC). What you're reporting appears to be a bug/product suggestion for Edge, but would not meet the bar for security servicing. Please submit this through the "Feedback" option within the browser via "Help & Feedback" section.

I.e. it looks like this was understood as a problem with the Edge browser? It certainly has nothing to do with Edge.

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
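An added example, not part of the original post and not Microsoft's code: a PowerShell check a defender could run to spot the drift described in steps 4 and 5, by comparing the accounts that effectively hold `SeServiceLogonRight` on a machine with the list the GPO is meant to enforce. The function names, the allowed list and the sample export are constructed for illustration; the live usage at the end relies on `secedit /export` and needs an elevated prompt.

```powershell
# Added example: audit who effectively holds "Log on as a service" (SeServiceLogonRight).

function Resolve-ToSid {
    param([string]$Entry)
    # secedit writes each holder either as *SID or as a plain account name.
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    try {
        $acct = [System.Security.Principal.NTAccount]::new($Entry)
        return $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $Entry   # unresolvable name: keep it raw so it is still reported
    }
}

function Get-UnexpectedServiceLogonHolder {
    param(
        [string[]]$InfLines,     # lines of a secedit USER_RIGHTS export
        [string[]]$AllowedSids   # assumption: SIDs your GPO is meant to allow
    )
    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return @() }
    $entries = ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    # Anything holding the right that is not on the intended list is drift.
    $entries | ForEach-Object { Resolve-ToSid $_ } |
        Where-Object { $_ -notin $AllowedSids }
}

# Constructed sample export: NT SERVICE\ALL SERVICES plus one made-up domain account.
$sample = @(
    '[Privilege Rights]',
    'SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-1111111111-2222222222-3333333333-1105',
    'SeBatchLogonRight = *S-1-5-32-544'
)
$allowed = @('S-1-5-80-0')
Get-UnexpectedServiceLogonHolder -InfLines $sample -AllowedSids $allowed

# On a live machine (elevated prompt):
# $cfg = Join-Path $env:TEMP 'user_rights.inf'
# secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
# Get-UnexpectedServiceLogonHolder -InfLines (Get-Content $cfg) -AllowedSids $allowed
```

Any SID or name the function returns holds the right locally without being on the intended list; pairing the result with the `StartName` values from `Get-CimInstance Win32_Service` shows which services were reconfigured to use those accounts.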

2 answers

  1. Reza-Ameri 17,341 Reputation points Volunteer Moderator
    2022-01-09T15:47:44.467+00:00

    In case this is a response from the MSRC, try contacting them again to verify if this is really not a security issue and then you may create a proof of concept of how to reproduce it and use the Feedback Hub app in Windows and report this issue.


  2. Limitless Technology 39,926 Reputation points
    2022-01-11T09:41:04.357+00:00

    Hi there,

    If this is a security bug and if you believe you have found a security vulnerability that meets Microsoft's definition of a security vulnerability, you must submit the report to MSRC at https://msrc.microsoft.com/create-report.

    If the vulnerability you are reporting is from a penetration test, work through your Microsoft Customer Support Services team who can help interpret the report and suggest remediations.

    Report an issue and submission guidelines
    https://www.microsoft.com/en-us/msrc/faqs-report-an-issue


    --If the reply is helpful, please Upvote and Accept it as an answer--
