Microsoft Windows Server 2025
Windows Server 2025 Remote Desktop Services must prevent drive redirection
STIG ID:
WN25-CC-000350
|
SRG:
SRG-OS-000138-GPOS-00069
|
Severity:
Medium
|
CCI:
CCI-001090
|
Vulnerability ID:
V-278113
Description
Preventing users from sharing the local drives on their client computers with Remote Session Hosts that they access helps reduce possible exposure of sensitive data.
Check
C-82643r1181043_chk
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\
Value Name: fDisableCdm
Type: REG_DWORD
Value: 0x00000001 (1)
Fix
F-82548r1181044_fix
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Device and Resource Redirection >> Do not allow drive redirection to "Enabled".