This policy setting configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections are rejected by the server. If you disable or do not configure this policy setting, new remote shell connections are allowed. Countermeasure: Configure Allow Remote Shell Access to Disabled. Potential Impact: If you enable this policy setting, remote access is allowed to all supported shells to execute scripts and commands. If you disable or do not configure this policy setting, remote access is not allowed to all supported shells to execute scripts and commands. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Remote ShellAllow Remote Shell Access (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWinRMServiceWinRS!AllowRemoteShellAccess

[enabled/disabled]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Allow Remote Shell Access (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!AllowRemoteShellAccess