Deny log on as a service

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Deny log on as a service


This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies.


  • This security setting does not apply to the System, Local¬†Service, or Network¬†Service accounts.

Default: None.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

For more information, see: