CCE-42155-2Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
'Set time limit for disconnected sessions' to never
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.
You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select "Never". If you have a console session, disconnected session time limits do not apply.
If you disable or do not configure this policy setting, disconnected sessions are maintained for an unlimited time. You can specify time limits for disconnected sessions on the Sessions tab in the Remote Desktop Session Host Configuration tool.
Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Disconnected sessions are deleted from the server after the specified amount of time.
Parameter:
[never/1 minute/5 minutes/10 minutes/15 minutes/30 minutes]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSession Time LimitsSet time limit for disconnected sessions
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal ServicesMaxDisconnectionTime
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35069 |