Check: 5.116
windows 7 iavm:
5.116
(in version v1 r32)
Title
Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop Client. (Cat II impact)
Discussion
This check verifies that the system is configured to prevent users from saving passwords in the Remote Desktop Client.
Check Content
If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: DisablePasswordSaving Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Connection Client “Do not allow passwords to be saved” to “Enabled”.
Additional Identifiers
Rule ID:
Vulnerability ID: V-14247
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002038 |
The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication. |
Controls
Number | Title |
---|---|
IA-11 |
Re-authentication |