18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'

Information

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.

The recommended state for this setting is: Disabled.

Rationale:

Any feature is a potential avenue of attack, those that enable inbound network connections are particularly risky. Only enable the use of the Windows Remote Management (WinRM) service on trusted networks and when feasible employ additional controls such as IPsec.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow remote server management through WinRM

Note: This Group Policy path is provided by the Group Policy template WindowsRemoteManagement.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.
Note #2: In older Microsoft Windows Administrative Templates, this setting was initially named Allow automatic configuration of listeners, but it was renamed starting with the Windows 8.0 & Server 2012 (non-R2) Administrative Templates.

Impact:

None - this is the default behavior.

Default Value:

Disabled. (The WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.)

See Also

https://workbench.cisecurity.org/files/2700

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(4)

Plugin: Windows

Control ID: 8ee6c93e3894b2e01f873a7374aef4b92f704d02a7d5b0499e51c9809f52524a