[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108741

 
 

909

 
 

85475

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

Do not allow drive redirection

ID: oval:org.secpod.oval:def:40318Date: (C)2017-04-25   (M)2018-04-10
Class: COMPLIANCEFamily: windows




This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access. Mapped drives appear in the session folder tree in Windows Explorer in the following format: \\TSClient\<driveletter>$ If local drives are shared they are left vulnerable to intruders who want to exploit the data that is stored on them. Vulnerability: Data could be forwarded from the user's Terminal Server session to the user's local computer without any direct user interaction. Counter Measure: Configure the Do not allow drive redirection setting to Enabled. Potential Impact: Drive redirection will not be possible. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow drive redirection (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm

Platform:
Microsoft Windows Server 2016
Reference:
CCE-46771-2
CPE    1
cpe:/o:microsoft:windows_server_2016:::x64
CCE    1
CCE-46771-2
XCCDF    4
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
...

© SecPod Technologies