5.22 Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'

Information

Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service.

The recommended state for this setting is: Disabled.

Rationale:

In a high security environment, Remote Desktop access is an increased security risk. For these environments, only local console access should be permitted.

Impact:

Remote Desktop Services will not be available on the computer.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled.

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Remote Desktop Services

Default Value:

Manual

See Also

https://workbench.cisecurity.org/files/3714

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv6|9.1, CSCv7|9.2

Plugin: Windows

Control ID: 8d7db5c727476a3426aa6f7010463628309252b2aadca415f4bf1b66910749ec