2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'

Information

This setting allows someone physically present at the host machine to see what a user is doing while a remote connection is in progress.

If this setting is disabled, a host's physical input and output devices are enabled while a remote connection is in progress.

The recommended state for this setting is: Disabled (0)

Rationale:

If a remote session is in progress, the user physically present at the host machine shall be able to see what a remote user is doing.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Remote access\Enable curtaining of remote access hosts

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: 244c855a90e7a2eb9b33169f9eeff867085a64f03488b43e2b814c5d07cf16f5