Check: 5.046
Windows Vista STIG:
5.046
(in versions v6 r42 through v6 r41)
Title
Terminal Services is not configured to set a time limit for disconnected sessions. (Cat II impact)
Discussion
This setting controls how long a session will remain open if it is unexpectedly terminated. Such sessions should be terminated as soon as possible.
Check Content
If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\
Value Name: MaxDisconnectionTime
Type: REG_DWORD
Value: 0x0000ea60 (60000)
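One way to script this check, as an added example that is not part of the STIG text. It assumes PowerShell 2.0 or later is installed on the host; the function name `Test-DisconnectedSessionLimit` and the result fields are hypothetical.

```powershell
# Added example (not from the STIG): audits check 5.046 / V-3457.
# Test-DisconnectedSessionLimit is a hypothetical name chosen for this example.
function Test-DisconnectedSessionLimit {
    param(
        [string]$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services',
        [string]$ValueName = 'MaxDisconnectionTime',
        [int]$Expected     = 0x0000ea60   # 60000 ms = 1 minute
    )

    # Build a result object in a PowerShell 2.0 compatible way.
    function New-Result([string]$Status, [string]$Reason) {
        New-Object PSObject -Property @{ Check = '5.046'; Status = $Status; Reason = $Reason }
    }

    # Finding: the policy key itself is absent.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return New-Result 'Finding' "Key not found: $KeyPath" }

    # Finding: the key exists but the value was never configured.
    if ($key.GetValueNames() -notcontains $ValueName) {
        return New-Result 'Finding' "$ValueName does not exist"
    }

    # Finding: the value exists with the wrong type (for example REG_SZ "60000").
    $kind = $key.GetValueKind($ValueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return New-Result 'Finding' "$ValueName is $kind, expected REG_DWORD"
    }

    # Finding: any value other than the one the check specifies.
    $actual = $key.GetValue($ValueName)
    if ($actual -ne $Expected) {
        return New-Result 'Finding' ("{0} is 0x{1:x8} ({1}), expected 0x{2:x8} ({2})" -f $ValueName, $actual, $Expected)
    }

    New-Result 'NotAFinding' "$ValueName is 0x0000ea60 (60000)"
}

Test-DisconnectedSessionLimit | Format-List Check, Status, Reason
```

The type test is separate from the value test because the check names both: a string value holding "60000" is still a finding.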
Fix Text
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Terminal Server -> Session Time Limits “Set Time Limit for Disconnected Sessions” to “Enabled”, with “End a disconnected session” set to “1 minute”.
Additional Identifiers
Rule ID: SV-16613r1_rule
Vulnerability ID: V-3457
Group Title: TS/RDS - Time Limit for Disc. Session
CCIs
Number | Definition |
---|---|
CCI-001133 | The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
CCI-002361 | The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect. |