[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-42109-9

Platform: cpe:/o:microsoft:windows_10Date: (C)2016-09-23   (M)2023-07-04



Specify the 'Server Authentication Certificate Template' value This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communication between a client and an RD Session Host server during RDP connections. If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or do not configure this policy setting, a self-signed certificate will be used by default to authenticate the RD Session Host server. You can select a specific certificate to be used to authenticate the RD Session Host server on the General tab of the Remote Desktop Session Host Configuration tool. Note: If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Only certificates you create by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected.


Parameter:

[certificate template name]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurityServer Authentication Certificate Template (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal ServicesCertTemplateName

CCSS Severity:CCSS Metrics:
CCSS Score : 4.8Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 2.5Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: NONE
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35057


OVAL    1
oval:org.secpod.oval:def:35057
XCCDF    5
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
...

© SecPod Technologies