Back

Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary.


CONTROL ID
04286
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • For Windows 2003 Server, the organization must configure the permissions for Remote Access Connection Manager (RasMan) to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. (Table F-2, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Remote Access Connection Manager service should be disabled. The service should be documented if enabling it is required. (§ 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • The Remote Access Connection Manager service should be Disabled, unless absolutely necessary. If it is Enabled, there should be a documented and justified reason. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)