Over the weekend, the security team applied a new server-hardening Group Policy Object (GPO) to all Windows Server 2019 member servers. On Monday morning, you discover that a custom inventory-collector service fails to start. The Services console displays "Error 5: Access is denied," and the System event log records Event ID 7000 for the service. You verify that the service account's password is valid, the executable path is correct, and the service files are intact. Which action will MOST likely restore the service while still following the principle of least privilege?
Change the service to run under the built-in Local System account.
Grant the service account the "Log on as a service" right via the applicable Group Policy.
Disable User Account Control (UAC) on the server and reboot.
Add the service account to the local Administrators group on the server.
Event ID 7000 combined with the "Error 5: Access is denied" message indicates that the account specified on the Log On tab could not be used to start the service. Microsoft documentation states that this occurs when the account no longer has the "Log on as a service" user right, often because a new Group Policy overwrote local settings. Restoring that single right allows the service to start without giving the account any broader privileges.
Adding the account to local Administrators or switching the service to run under Local System would also start the service, but both options grant far more privilege than required and violate least-privilege guidelines. Disabling UAC does not affect service logon rights and would not resolve the startup failure.
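To confirm the diagnosis before changing any policy, the check below (an added example, not part of the original question) compares the service's logon account against the effective holders of SeServiceLogonRight, the constant behind "Log on as a service". The service name `InventoryCollector` is a hypothetical placeholder; run it elevated on the affected server. It checks direct entries only, so an account that holds the right through a group will show as not listed.

```powershell
# Added example. 'InventoryCollector' is a hypothetical service name.
$serviceName = 'InventoryCollector'

# Account configured on the service's Log On tab, resolved to a SID.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found." }
$acct = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
$sid  = ([System.Security.Principal.NTAccount]$acct).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value

# Export the effective user-rights assignments (local policy after GPO merge).
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

$match = Select-String -Path $inf -Pattern '^SeServiceLogonRight\s*=\s*(.*)$' |
         Select-Object -First 1
$holders = @()
if ($match) {
    $holders = $match.Matches[0].Groups[1].Value -split ',' | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) { $entry.TrimStart('*') }   # already a SID
        else {
            try { ([System.Security.Principal.NTAccount]$entry).Translate(
                      [System.Security.Principal.SecurityIdentifier]).Value }
            catch { $entry }                                    # unresolvable name
        }
    }
}
Remove-Item $inf -ErrorAction SilentlyContinue

if ($holders -contains $sid) {
    "$acct ($sid) is listed directly under SeServiceLogonRight."
} else {
    "$acct ($sid) is NOT listed directly under SeServiceLogonRight. Current holders:"
    $holders
}

# Recent Event ID 7000 entries from the Service Control Manager.
Get-WinEvent -FilterHashtable @{ LogName = 'System'
    ProviderName = 'Service Control Manager'; Id = 7000 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# RSoP report: shows which GPO currently wins the "Log on as a service" setting.
gpresult /scope computer /h (Join-Path $env:TEMP 'rsop.html') /f
```

If the account is missing, add it to "Log on as a service" in the GPO that the report shows as winning; a local-only change is overwritten at the next policy refresh.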