[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Do not allow local administrators to customize permissions

ID: oval:org.secpod.oval:def:27500Date: (C)2015-10-08   (M)2017-10-31
Class: COMPLIANCEFamily: windows




Specifies whether to disable the administrator rights to customize security permissions in the Remote Desktop Session Host Configuration tool. You can use this setting to prevent administrators from making changes to the user groups on the Permissions tab in the Remote Desktop Session Host Configuration tool. By default, administrators are able to make such changes. If the status is set to Enabled, the Permissions tab in the Remote Desktop Session Host Configuration tool cannot be used to customize per-connection security descriptors or to change the default security descriptors for an existing group. All of the security descriptors are Read Only. If the status is set to Disabled or Not Configured, server administrators have full Read/Write privileges to the user security descriptors on the Permissions tab in the Remote Desktop Session Host Configuration tool. Note: The preferred method of managing user access is by adding a user to the Remote Desktop Users group. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security!Do not allow local administrators to customize permissions (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fWritableTSCCPermTab

Platform:
Microsoft Windows Server 2012 R2
Reference:
CCE-36467-9
CPE    1
cpe:/o:microsoft:windows_server_2012::r2:x64
CCE    1
CCE-36467-9
XCCDF    2
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_general_Windows_2012_R2

© 2013 SecPod Technologies