Microsoft Windows Server 2019
Windows Server 2019 Remote Desktop Services must prevent drive redirection
STIG ID:
WN19-CC-000350
|
SRG:
SRG-OS-000138-GPOS-00069
|
Severity:
Medium
|
CCI:
CCI-001090
|
Vulnerability ID:
V-205722
Description
Preventing users from sharing the local drives on their client computers with Remote Session Hosts that they access helps reduce possible exposure of sensitive data.
Check
C-5987r355084_chk
If the following registry value does not exist or is not configured as specified, this is a finding:Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Value Name: fDisableCdmType: REG_DWORDValue: 0x00000001 (1)
Fix
F-5987r355085_fix
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Device and Resource Redirection >> "Do not allow drive redirection" to "Enabled".