--%> SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)
[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-45743-2

Platform: win2016Date: (C)2017-08-03   (M)2017-10-16



"Always prompt for password upon connection" This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connection client. By default, Terminal Services allows users to automatically log on if they enter a password in the Remote Desktop Connection client. Note If you do not configure this policy setting, the local computer administrator can use the Terminal Services Configuration tool to either allow or prevent passwords from being automatically sent. Vulnerability: Users have the option to store both their username and password when they create a new Remote Desktop connection shortcut. If the server that runs Terminal Services allows users who have used this feature to log on to the server but not enter their password, then it is possible that an attacker who has gained physical access to the user's computer could connect to a Terminal Server through the Remote Desktop connection shortcut, even though they may not know the user's password. Counter Measure: Configure the Always prompt client for a password on connection setting to Enabled. Potential Impact: Users will always have to enter their password when they establish new Terminal Server sessions.


Parameter: fPromptForPassword


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPromptForPassword

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40330


OVAL    1
oval:org.secpod.oval:def:40330
XCCDF    3
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© 2013 SecPod Technologies