CCE-34508-2| Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Do not allow smart card device redirection
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.
If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
Note: The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostDevice and Resource Redirection!Do not allow smart card device redirection
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services!fEnableSmartCard
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 6.6 | Attack Vector: NETWORK |
| Exploit Score: 0.7 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: HIGH |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:29458 |
