2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'

Information

This is a setting for Chrome Remote desktop. If this setting is Disabled, the remote access host service cannot be started or configured to accept incoming connections.

Disabled (0): Prevent remote access connections to this machine

Enabled (1): Allow remote access connections to this machine

The recommended state for this setting is: Disabled (0)

Rationale:

Only approved remote access systems should be used.

NOTE: If Chrome Remote Desktop is approved and required for use, then this setting can be ignored.

Impact:

This setting will disable Chrome Remote Desktop. In general, Chrome Remote Desktop is not used by most businesses, so disabling it should have no impact.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Remote Access\Allow remote access connections to this machine

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/files/3653

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: c531316d898571e0a92ec822e125301150d75fb13f74d8e80f4565f8245c242d