Automox Worklet: How to Disable Remote Desktop Protocol Connection

In a recent blog, we covered the National Security Agency (NSA) cybersecurity advisory urging all Microsoft Windows Administrators and Users to ensure they are using patched and updated systems based on the potential threats surrounding the BlueKeep vulnerability.

In that blog, we highlighted some cyber hygiene steps to help protect all impacted Windows systems against the vulnerability as organizations work to patch their systems. One step in particular, disabling Remote Desktop Services (RDS), can help stop the BlueKeep vulnerability in its tracks. By disabling unused services, security administrators reduce the attack surface their corporate infrastructure exposes to this threat.

Introducing the Automox Worklet

To help you configure and update systems using the Automox platform, we’ve created an endpoint hardening worklet that disables Remote Desktop Protocol connections.

An Automox worklet is an open extensible automation architecture that allows IT operations to create any custom task that they can imagine. Our tool consumes and contains these worklets within a policy that can be automated and maintained across all devices with the Automox sensor installed. These reusable units of work can be applied across any supported operating system (including Windows, Linux, and OSX) and are powered by PowerShell and Bash scripting.

How to Disable Remote Desktop Services Worklet

If a machine is unpatchable, security administrators can use this worklet as a mitigating control to protect impacted Windows systems from the BlueKeep vulnerability. This worklet can also act as a general security hardening measure on all Windows devices with newer operating systems that are not vulnerable to this specific threat.

To deploy this endpoint hardening worklet, do the following:

1. Log in to your Automox Console.

2. Browse to the System Management page and click Create Policy.

3. Choose Windows under Worklet.


4. Insert the Evaluation and Remediation Code scripts. The evaluation code keeps you apprised of each device’s ongoing compliance, as well as flags the device for remediation. The remediation code enforces this setting on the schedule you define.

• Under Evaluation Code: 

# Define Registry Key and sub-value to evaluate
#############################################
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
$regProperty = "fDenyTSConnections"
$desiredValue = '1'
#############################################
 
# Retrieve current value for comparison ($null if the value is missing, which evaluates as Non-Compliant)
$currentValue = (Get-ItemProperty -Path $regPath -Name $regProperty -ErrorAction SilentlyContinue).$regProperty
 
# Compare current with desired and exit accordingly.
# 0 for Compliant, 1 for Non-Compliant
if ($currentValue -eq $desiredValue) {
   Exit 0
} else { Exit 1 }
 

• Under Remediation Code:

# Define Registry Key and sub-value to modify
#############################################
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
$regProperty = "fDenyTSConnections"
$desiredValue = '1'
#############################################
 
try {
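   # -ErrorAction Stop turns a failed write into a terminating error so the catch block runs
   Set-ItemProperty -Path $regPath -Name $regProperty -Value $desiredValue -ErrorAction Stop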
   Exit 0
} catch {
   Write-Output "Unable to update $regProperty"
   Exit 1
}
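
To confirm the setting has actually taken effect on a device, the following added example (not part of the Automox worklet) checks the value the worklet sets, whether a Group Policy value overrides it, and whether anything is still listening on the RDP port. The policy registry path, the PortNumber lookup, the Get-RegValue helper and the netstat fallback are assumptions of this example and do not come from the worklet above.

```powershell
# Added example (not Automox worklet code): audit the effective RDP state.
$tsPath     = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
# Assumption: Group Policy writes its override under this key (not mentioned on the page)
$policyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
$rdpTcpPath = "$tsPath\WinStations\RDP-Tcp"

# Hypothetical helper: returns $null when the key or value is absent
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$localValue  = Get-RegValue -Path $tsPath     -Name "fDenyTSConnections"
$policyValue = Get-RegValue -Path $policyPath -Name "fDenyTSConnections"
$port        = Get-RegValue -Path $rdpTcpPath -Name "PortNumber"
if ($null -eq $port) { $port = 3389 }   # default RDP port

# A policy value, when present, takes precedence over the local setting
if ($null -ne $policyValue) { $effective = $policyValue } else { $effective = $localValue }

# Is anything still listening on the RDP port?
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
} else {
    # Older Windows without Get-NetTCPConnection; assumes English netstat output
    $listening = [bool](netstat -ano -p TCP | Select-String -Pattern ":$port\s+\S+\s+LISTENING")
}

Write-Output "Local fDenyTSConnections  : $localValue"
Write-Output "Policy fDenyTSConnections : $policyValue"
Write-Output "Listener on TCP port $port : $listening"

# 0 for Compliant, 1 for Non-Compliant (same convention as the worklet)
if ($effective -eq 1 -and -not $listening) { Exit 0 } else { Exit 1 }
```

A non-zero exit when the local value is already 1 points to a policy override or a listener that is still active.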
 


About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions. 

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
