Remote Desktop Services must always prompt a client for passwords upon connection.

From Windows 8/8.1 Security Technical Implementation Guide

Part of TS/RDS - Password Prompting

Associated with: CCI-002038

SV-48088r1_rule Remote Desktop Services must always prompt a client for passwords upon connection.

Vulnerability discussion

This setting controls the ability of users to supply passwords automatically as part of their remote desktop connection. Disabling this setting would allow anyone to use the stored credentials in a connection item to connect to the terminal server.

Check content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fPromptForPassword Type: REG_DWORD Value: 1

Fix text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security -> "Always prompt for password upon connection" to "Enabled".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer