Do not allow COM port redirectionID: oval:org.secpod.oval:def:8750 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Do not allow COM port redirection machine setting should be configured correctly.
Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. If the status is set to Enabled, users cannot redirect server data to the local COM port. If the status is set to Disabled, Remote Desktop Services always allows COM port redirection.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow COM port redirection
(2) KEY: HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm
Platform: |
Microsoft Windows Server 2008 R2 |