Title

Terminal Services is not configured to limit users to one remote session (Terminal Server Role) (Cat II impact)

Discussion

This setting limits users to one remote session. It is possible, if this setting is disabled, for users to establish multiple sessions.

Check Content

2008 - If the following registry value doesn’t exist or its value is not set to 1, then this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fSingleSessionPerUser Type: REG_DWORD Value: 1 Documentable Explanation: If the system has the role as a Terminal Server, or the site is using terminal services for remote administration this requirement needs to be documented with the IAO.

Fix Text

2008 - Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Terminal Server -> Connections “Restrict Terminal Server users to a Single Remote Session” to “Enabled”.

Additional Identifiers

Rule ID: SV-16938r1_rule

Vulnerability ID: V-3449

Group Title: TS/RDS - Session Limit

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.