[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-37330-8

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-14



Require user authentication for remote connections by using Network Level Authentication This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase 'Network Level Authentication supported.' If you disable or do not configure this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. You can specify that Network Level Authentication be required for user authentication by using Remote Desktop Session Host Configuration tool or the Remote tab in System Properties. Important: Disabling or not configuring this policy setting provides less security because user authentication will occur later in the remote connection process.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurity!Require user authentication for remote connections by using Network Level Authentication (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services!UserAuthentication

CCSS Severity:CCSS Metrics:
CCSS Score : 5.9Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 3.6Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: NONE
 Availability: NONE
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:27937


OVAL    1
oval:org.secpod.oval:def:27937
XCCDF    4
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_SecPod_Windows_2012_R2
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_general_Windows_2012_R2
...

© SecPod Technologies