Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Terminal Services is not configured to always prompt a client for passwords upon connection.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3453 | 5.042 | SV-3453r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| This setting, which is located under the Encryption and Security section of the Terminal Services configuration option, controls the ability of users to supply passwords automatically as part of their Remote Desktop Connection. Disabling this setting would allow anyone to use the stored credentials in a connection item to connect to the terminal server. |
| STIG | Date |
|---|---|
| Windows XP Security Technical Implementation Guide | 2012-06-29 |
Details
| Check Text ( C-1880r1_chk ) |
|---|
| If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fPromptForPassword Type: REG_DWORD Value: 1 |
| Fix Text (F-5922r1_fix) |
|---|
| Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Encryption and Security “Always Prompt Client for Password upon Connection” to “Enabled”. |