Details
Allows the redirection of Printers/Drives/Ports for RDP connections.
The recommended state for this setting is: Disabled.
Rationale:
In a security-sensitive environment, it is desirable to reduce the possible attack surface – preventing the redirection of COM, LPT and PnP ports will reduce the number of unexpected avenues for data exfiltration and/or malicious code transfer within an RDP session.
Solution
To establish the recommended configuration via GP, set the following UI path to: Disabled.
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsSystem ServicesRemote Desktop Services UserMode Port Redirector
Impact:
Printers, drives and ports (COM, LPT, PnP, etc.) will not be allowed to be redirected inside RDP sessions.
Default Value:
Manual
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.