Terminal Services is not configured to limit the number of connections.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-3450	5.039	SV-3450r1_rule	ECSC-1	Medium

Description
This setting limits the number of simultaneous connections allowed to the terminal server. By default, unlimited connections are allowed. Allowing unlimited connections allows a potential DoS attack. The number of incoming connections should be limited to one.

STIG	Date
Windows 2003 Member Server Security Technical Implementation Guide	2014-01-07

Details

Check Text ( C-1801r1_chk )
If the following registry value doesn’t exist or its value is not set to 1, then this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: MaxInstanceCount Type: REG_DWORD Value: 1 Documentable Explanation: If the system has the role as a Terminal Server, or the site is using terminal services for remote administration this requirement needs to be documented with the IAO.

Check Text ( C-1801r1_chk )

If the following registry value doesn’t exist or its value is not set to 1, then this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\
Value Name: MaxInstanceCount
Type: REG_DWORD
Value: 1

Documentable Explanation: If the system has the role as a Terminal Server, or the site is using terminal services for remote administration this requirement needs to be documented with the IAO.

Fix Text (F-5919r1_fix)
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services “Limit Number of Connections” to “Enabled”, and the value “TS maximum connections allowed” to no more than “1”.