Back

Configure the "Allow script-initiated windows without size or position constraints" setting in limited functionality environments properly.


CONTROL ID
04424
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines the restrictions on script-initiated, pop-up windows and windows that include the title and status bars. For Enterprise Client environments, the Allow Script-Inititated Windows Without Size Or Position Contraints setting is Not Configured. For Specialized Security - Limited F… (Pg 110, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Allow script-initiated windows without size or position constraints" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security… (CCE-4099-8, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security… (CCE-9814-5, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\In… (CCE-9882-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Z… (CCE-15667-9, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Secu… (CCE-15649-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Local Machine Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Securit… (CCE-16459-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Pag… (CCE-15693-5, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Securit… (CCE-16226-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Pag… (CCE-16495-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Local Machine Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local… (CCE-16003-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Re… (CCE-17107-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Z… (CCE-16437-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trust… (CCE-16639-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Disable the Allow Script-Inititated Windows Without Size Or Position Constraints setting for limited functionality environments (oval:gov.nist.fdcc.ie7:def:589, oval:gov.nist.fdcc.ie7:def:1234, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Allow script-initiated windows without size or position constraints - Internet Zone - Local Computer (AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Allow script-initiated windows without size or position constraints - Restricted Sites Zone - Local Computer (AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. (xccdf_gov.nist_rule_AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:1234, oval:gov.nist.USGCB.ie7:tst:3737, oval:gov.nist.USGCB.ie7:obj:176, oval:gov.nist.USGCB.ie7:ste:3776, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. (xccdf_gov.nist_rule_AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:589, oval:gov.nist.USGCB.ie7:tst:3835, oval:gov.nist.USGCB.ie7:obj:172, oval:gov.nist.USGCB.ie7:ste:2992, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. (xccdf_gov.nist_rule_AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31022, oval:gov.nist.USGCB.ie8:tst:31022, oval:gov.nist.USGCB.ie8:obj:31022, oval:gov.nist.USGCB.ie8:ste:31022, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. (xccdf_gov.nist_rule_AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31060, oval:gov.nist.USGCB.ie8:tst:31060, oval:gov.nist.USGCB.ie8:obj:31060, oval:gov.nist.USGCB.ie8:ste:31060, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)