Back

Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary.


CONTROL ID
04285
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • For Windows 2003 Server, the organization must configure the permissions for Remote Access Auto Connection Manager (RasAuto) to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. (Table F-2, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Remote Access Auto Connection Manager service should be disabled. The service should be documented if enabling it is required. (ยง 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)