3.11.55.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'

Information

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.

The recommended state for this setting is: Disabled

Any feature is a potential avenue of attack, those that enable inbound network connections are particularly risky. Only enable the use of the Windows Remote Management (WinRM) service on trusted networks and when feasible employ additional controls such as IPsec.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Disabled

Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow remote server management through WinRM

Impact:

None - this is the default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/16852

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: d151aaa9f07e96d3d8c1c5295ed1d3950c6f018e4b9d77033f3d4305c52b8a33