Check: 3.082
Windows Vista STIG:
3.082
(in versions v6 r42 through v6 r41)
Title
The system is configured to allow unsolicited remote assistance offers. (Cat II impact)
Discussion
This setting controls whether unsolicited offers of help to this computer are allowed. The list of users allowed to offer remote assistance to this system is accessed by pressing the Helpers button.
Check Content
If the following registry value doesn't exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\
Value Name: fAllowUnsolicited
Type: REG_DWORD
Value: 0

Documentable: Yes
Documentable Explanation: Offer Remote Assistance can be enabled on workstations if mitigations are in place. This must be documented with the IAO.

Mitigations:
- Users must be trained on the following:
- Who they can accept an assistance offer from. The offer must be in response to a help desk request, or confirmed with the help desk if an unsolicited offer comes through.
- Users must know how to accept a request, allow view or control, and disconnect a remote assistance session.
- Users must monitor the assistance activity at the workstation while it is occurring.
- The support personnel allowed to offer assistance (helpers) must be limited and documented.
- Port 3389 should be blocked at the perimeter to prevent other access.

Accounts and groups authorized to offer remote assistance (helpers) are identified in the following registry key:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit\

Each account or group is listed under a separate value name, with the value equal to the value name, as in the following examples:

Value Name: Administrators
Type: REG_SZ
Value: Administrators

Value Name: TestUser
Type: REG_SZ
Value: TestUser
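The registry check above, as an added PowerShell example that is not part of the STIG text: it evaluates fAllowUnsolicited (existence, REG_DWORD type, value 0) and, when offers are allowed, lists the helpers under RAUnsolicit so they can be documented with the IAO. It assumes read access to the HKLM policy keys and the key layout named in the check; the function names are the example's own.

```powershell
# Added example, not part of the STIG text: evaluates check 3.082 on the local
# machine. Assumes read access to HKLM policy keys; function names are ours.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\Terminal Services'
$HelperKey = Join-Path $PolicyKey 'RAUnsolicit'

function Get-AuthorizedHelpers {
    # Lists accounts/groups under RAUnsolicit; the STIG expects value data == value name.
    $key = Get-Item -Path $HelperKey -ErrorAction SilentlyContinue
    if ($null -eq $key) { return @() }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        [pscustomobject]@{
            Name       = $name
            Data       = $data
            Consistent = ($data -eq $name)   # mismatch is worth reviewing in documentation
        }
    }
}

function Test-Check3082 {
    # 'Not a Finding' only when fAllowUnsolicited exists, is REG_DWORD, and equals 0.
    $key = Get-Item -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($null -eq $key -or -not ($key.GetValueNames() -contains 'fAllowUnsolicited')) {
        return [pscustomobject]@{ Status = 'Finding'; Reason = 'fAllowUnsolicited is not configured' }
    }
    $kind = $key.GetValueKind('fAllowUnsolicited')
    $data = $key.GetValue('fAllowUnsolicited')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return [pscustomobject]@{ Status = 'Finding'; Reason = "Type is $kind, expected REG_DWORD" }
    }
    if ($data -ne 0) {
        # Unsolicited offers are enabled: acceptable only with the documented mitigations.
        return [pscustomobject]@{ Status = 'Finding'; Reason = "fAllowUnsolicited = $data, expected 0; document mitigations with the IAO" }
    }
    [pscustomobject]@{ Status = 'Not a Finding'; Reason = 'fAllowUnsolicited = 0' }
}

$result = Test-Check3082
$result
if ($result.Status -eq 'Finding') {
    # Helpers only matter when offers are allowed; list them for the IAO documentation.
    Get-AuthorizedHelpers | Format-Table -AutoSize
}
```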
Fix Text
Configure the system to prevent unsolicited remote assistance offers by setting the policy value for Computer Configuration -> Administrative Templates -> System -> Remote Assistance “Offer Remote Assistance” to “Disabled”.
Additional Identifiers
Rule ID: SV-29282r1_rule
Vulnerability ID: V-3470
Group Title: Remote Assistance - Offer Remote Assistance
Expert Comments
CCIs
Number | Definition
---|---
CCI-001090 | The information system prevents unauthorized and unintended information transfer via shared system resources.
Controls
Number | Title
---|---
SC-4 | Information In Shared Resources