The case of the missing GPO setting

Recently I had to develop the group policy for implementing the DISA STIG for Windows 2008 R2 on our network. Everything was going great until I hit the following item:

Group ID:V-16001
Group Title:TS/RDS – Printer Redirection
Rule ID:SV-32508r1_rule
Severity:Cat 3
Rule Version:5.078
Rule Title:The system will be configured to allow only the default client printer to be redirected in the Remote Desktop session. (Remote Desktop Services Role)
Vulnerability Discussion: This check verifies that the system is configured to allow only the default client printer to be redirected in the Remote Desktop session.
Responsibility:System Administrator
IA Controls:ECSC-1
Check Content:”If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE, Subkey: \Software\Policies\Microsoft\Windows NT\Terminal Services\   Value Name:  RedirectOnlyDefaultClientPrinter   Type: REG_DWORD   Value: 1″
Fix Text:Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Printer Redirection “Redirect only the default client printer” to “Enabled”.
Source:Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide, 26 Oct 2012

The setting wasn’t showing up in the group policy editor. Turns out that particular setting is only available to you when editing the policy from a SERVER. My Win7 machine would not display that setting.

Copyright info

Advertisements

Comments are closed.