Title

Remote control of a Terminal Service session is allowed. (Cat I impact)

Discussion

This setting is used to control the rules for remote control of Terminal Services user sessions. This is a Category 1 finding because remote control of sessions could permit an unauthorized user to access sensitive information on the controlled system.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: Shadow Type: REG_DWORD Value: 0

Fix Text

Configure the system to prevent remote control of the computer by setting the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services, “Sets rules for remote control of Terminal Services user settings” to “Enabled” and the “Options” will be set to “No remote control allowed”.

Additional Identifiers

Rule ID: SV-3341r1_rule

Vulnerability ID: V-3341

Group Title: Terminal Service - Remote Control Settings

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.