id: remote-desktop-enabled-non-server

info:
  name: Remote Desktop Enabled on Non-Server OS
  author: princechaddha
  severity: high
  description: Checks if Remote Desktop is enabled on workstation editions where it’s not required.
  impact: |
    Enabling Remote Desktop on non-server OS could lead to unauthorized remote access.
  remediation: |
    Disable Remote Desktop on non-server editions to reduce the risk of remote attacks.
  tags: windows,remote-desktop,network,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections'

    matchers:
      - type: word
        words:
          - "0"
# digest: 4a0a0047304502201d0ee23af404b6fa975496e74a984410ab981d8586a2bee9874179878c7b740a0221008d791fa3f2d885e2e961a1c709f25e9e3e4dd13a5faa44e1e9ad660b4395e5f4:922c64590222798bb761d5b6d8e72950