18.10.56.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled'

Information

This policy setting controls the redirection of location data to the remote computer in a Remote Desktop Services session.

The recommended state for this setting is: Enabled

In a more security-sensitive environment, it is desirable to reduce the possible attack surface. The need for location data redirection within a Remote Desktop session is rare, so it makes sense to reduce the number of unexpected avenues for malicious activity to occur.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow location redirection

Note: This Group Policy path is provided by the Group Policy template TerminalServer.admx/adml that is included with the Microsoft Windows 10 Release 21H2 Administrative Templates (or newer).

Impact:

Users will not be able to redirect their location data to the remote computer.

See Also

https://workbench.cisecurity.org/benchmarks/16514

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: Windows

Control ID: 1715b88b2c401957675d82d91c493f72f1d48493d7cea605ad1af01e0085f74a