Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary.
CONTROL ID 01822
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880
This Control has the following implementation support Control(s):
Disable the "Offer Remote Assistance" setting., CC ID: 04325
Disable the "Solicited Remote Assistance" setting., CC ID: 04326
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Apple Remote Desktop should be disabled. It is a desktop management tool that provides AES-128 encryption. (Pg 87, Pg 129, Mac OS X Security Configuration for version 10.4 or later, second edition, Second Edition)
The organization must only enable Remote Desktop Help Session Manager if absolutely necessary. This service supports the Remote Assistance functionality. (§ 4.1.13, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
Table F-2: For Windows 2003 Server, the organization must configure the permissions for Remote Desktop Help Session Manager (RDSessMgr) to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause.
Table F-3: For Windows 2000 Professional, the organization must configure the per… (Table F-2, Table F-3, Table F-4, CMS Business Partners Systems Security Manual, Rev. 10)
The Remote Desktop Help Session Manager service should be disabled. The service should be documented if enabling it is required. (§ 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
The Remote Desktop Help Session Manager service should be Disabled, unless absolutely necessary. If it is Enabled, there should be a documented and justified reason. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)
For Specialized Security - Limited Functionality systems, this service should be Disabled. For all other Windows XP environments, this service is Not Defined. (§ 3.1.1, § 6.5, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)
This service is used in the Help and Support Center for controlling and managing Remote Assistance. The Remote Desktop Help Session Manager service is Not Defined for Enterprise Client environments and should be Disabled for Specialized Security - Limited Functionality environments. (Pg 69, NSA Guide to Security Microsoft Windows XP)