Do not allow drive redirectionID: oval:org.secpod.oval:def:27516 | Date: (C)2015-10-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access. Mapped drives appear in the session folder tree in Windows Explorer in the following format:
\\TSClient\<driveletter>$
If local drives are shared they are left vulnerable to intruders who want to exploit the data that is stored on them.
This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection!Do not allow drive redirection
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm
Platform: |
Microsoft Windows Server 2012 R2 |