Back

Configure the "Do not allow users to enable or disable add-ons" setting in Internet Explorer properly.


CONTROL ID
04340
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if users can install or delete add-ons from Internet Explorer. The Do Not Allow Users To Enable Or Disable Add-ons setting should be Enabled. (Pg 82, Pg 101, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • Users should not be able to allow or deny add-ons through Manage Add-ons. The "Do not allow users to enable or disable add-ons" value should be set to Enabled. The "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExtensionManagement" registry value should be set to 1. (ยง 3.7.1.8 (5.114), DISA Windows VISTA Security Checklist, Version 6 Release 1.11)
  • The "Do Not Allow Users to enable or Disable Add-Ons" setting should be configured correctly. (oval:gov.nist.fdcc.ie7:def:1694, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Do Not Allow Users to enable or Disable Add-Ons - Local Computer (DoNotAllowUsersEnableDisableAddOns_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This setting determines if users can install or delete add-ons from Internet Explorer. The Do Not Allow Users To Enable Or Disable Add-ons setting should be Enabled. (Pg 90, NSA Guide to Security Microsoft Windows XP)