Terminal Services / Remote Desktop Services - Prevent users from connecting using Terminal Servies or Remote Desktop.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-14248	5.117	SV-14859r1_rule	ECSC-1	Medium

Description
This check verifies that the system is configured to prevent users from connecting to a computer using Terminal Services or Remote Desktop.

STIG	Date
Windows Vista Security Technical Implementation Guide	2013-10-01

Details

Check Text ( C-11594r1_chk )
If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fDenyTSConnections Type: REG_DWORD Value: 1 Documentable Explanation: If terminal services/remote desktop for remote administration is being used, then this would not be a finding. This requirement needs to be documented with the IAO.

Check Text ( C-11594r1_chk )

If the following registry value doesn’t exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\

Value Name: fDenyTSConnections

Type: REG_DWORD
Value: 1

Documentable Explanation: If terminal services/remote desktop for remote administration is being used, then this would not be a finding. This requirement needs to be documented with the IAO.

Fix Text (F-13573r1_fix)
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Terminal Server -> Connections “Allow users to connect remotely using Terminal Services” to “Disabled.