Details
Allows the redirection of Printers/Drives/Ports for RDP connections.
The recommended state for this setting is: Disabled.
Rationale:
In a security-sensitive environment, it is desirable to reduce the possible attack surface – preventing the redirection of COM, LPT and PnP ports will reduce the number of unexpected avenues for data exfiltration and/or malicious code transfer within an RDP session.
Impact:
Printers, drives and ports (COM, LPT, PnP, etc.) will not be allowed to be redirected inside RDP sessions.
Solution
To establish the recommended configuration via GP, set the following UI path to: Disabled.
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsSystem ServicesRemote Desktop Services UserMode Port Redirector
Default Value:
Manual
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.