[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-37072-6

Platform: win2012r2Date: (C)2015-10-08   (M)2018-07-10



Allow log on through Remote Desktop Services This policy setting determines which users or groups have the right to log on as a Terminal Services client. Remote desktop users require this user right. If your organization uses Remote Assistance as part of its help desk strategy, create a group and assign it this user right through Group Policy. If the help desk in your organization does not use Remote Assistance, assign this user right only to the Administrators group or use the restricted groups feature to ensure that no user accounts are part of the Remote Desktop Users group. Restrict this user right to the Administrators group, and possibly the Remote Desktop Users group, to prevent unwanted users from gaining access to computers on your network by means of the Remote Assistance feature. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.


Parameter:


Technical Mechanism: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Allow log on through Remote Desktop Services (2) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeRemoteInteractiveLogonRight' and precedence=1

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22872


OVAL    1
oval:org.secpod.oval:def:22872
XCCDF    7
xccdf_org.secpod_benchmark_PCI_Windows_2012_R2
xccdf_org.secpod_benchmark_general_Windows_2012_R2
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_ISO27001_Windows_2012_R2
...

© SecPod Technologies