|Platform: win2016||Date: (C)2017-08-03 (M)2017-10-16|
"Set client connection encryption level"
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.
If Terminal Server client connections are allowed that use low level encryption, it is more likely that an attacker will be able to decrypt any captured Terminal Services network traffic.
Configure the Set Client Connection Encryption Level setting to High Level.
Clients that do not support 128-bit encryption will be unable to establish Terminal Server sessions.
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
(2) REG: No Registry Info
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:40195|