Title

Users must be prevented from connecting using Terminal Services. (Cat II impact)

Discussion

Allowing a Terminal Services session to a workstation enables another avenue of access that could be exploited. The system must be configured to prevent users from connecting to a computer using Terminal Services.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fDenyTSConnections Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Terminal Server -> Connections "Allow users to connect remotely using Terminal Services" to "Disabled.

Additional Identifiers

Rule ID: SV-14859r2_rule

Vulnerability ID: V-14248

Group Title: TS/RDS - Remote User Connections

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.