Recently I had to develop the group policy for implementing the DISA STIG for Windows 2008 R2 on our network. Everything was going great until I hit the following item:
Group Title:TS/RDS – Printer Redirection
Rule Title:The system will be configured to allow only the default client printer to be redirected in the Remote Desktop session. (Remote Desktop Services Role)
Vulnerability Discussion: This check verifies that the system is configured to allow only the default client printer to be redirected in the Remote Desktop session.
Check Content:”If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE, Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: RedirectOnlyDefaultClientPrinter Type: REG_DWORD Value: 1″
Fix Text:Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Printer Redirection “Redirect only the default client printer” to “Enabled”.
Source:Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide, 26 Oct 2012
The setting wasn’t showing up in the group policy editor. Turns out that particular setting is only available to you when editing the policy from a SERVER. My Win7 machine would not display that setting.