This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session. Vulnerability: If Terminal Server client connections are allowed that use low level encryption, it is more likely that an attacker will be able to decrypt any captured Terminal Services network traffic. Counter Measure: Configure the Set Client Connection Encryption Level setting to High Level. Potential Impact: Clients that do not support 128-bit encryption will be unable to establish Terminal Server sessions. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Set client connection encryption level (2) REG: NO INFO [low level/client compatible/high level] (1) GPO: Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Security\\Set client connection encryption level (2) REG: NO INFO oval:org.secpod.oval:def:40195 SCAP Repo OVAL Definition 2017-04-25