Title

Terminal Services is not configured to limit users to one remote session. (Cat II impact)

Discussion

This setting limits users to one remote session. It is possible, if this setting is disabled, for users to establish multiple sessions.

Check Content

If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fSingleSessionPerUser Type: REG_DWORD Value: 1 Documentable Explanation: If the system has the role as a Terminal/Remote Desktop Server or the site is using remote desktop services for remote administration, this requirement needs to be documented with the IAO.

Fix Text

2003 - Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services “Restrict Terminal Server users to a Single Remote Session” to “Enabled”.

Additional Identifiers

Rule ID: SV-3449r1_rule

Vulnerability ID: V-3449

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.