Back

Configure the "Initialize and script ActiveX controls not marked as safe" setting in limited functionality environments properly.


CONTROL ID
04429
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if ActiveX controls not marked as safe will be executed. For Enterprise Client environments, the Initialize And Script ActiveX Controls Not Marked As Safe setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to E… (Pg 112, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Initialize and script ActiveX controls not marked as safe for scripting" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Secu… (CCE-4068-3, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Rest… (CCE-10347-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zon… (CCE-10561-9, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Initia… (CCE-15825-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Local Machine Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Loc… (CCE-15512-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\… (CCE-16015-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Loc… (CCE-16215-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-D… (CCE-16492-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-D… (CCE-16291-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Local Machine Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Z… (CCE-15237-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted S… (CCE-16709-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Initia… (CCE-15421-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Z… (CCE-16766-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Initialize and script ActiveX controls not marked as safe for scripting" setting should be configured correctly for the Internet Zone. (oval:gov.nist.fdcc.ie7:def:1040, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Initialize and script ActiveX controls not marked as safe - Internet Zone - Local Computer (InitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Initialize and script ActiveX controls not marked as safe - Restricted Sites Zone - Local Computer (InitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. (xccdf_gov.nist_rule_InitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:1040, oval:gov.nist.USGCB.ie7:tst:3289, oval:gov.nist.USGCB.ie7:obj:18, oval:gov.nist.USGCB.ie7:ste:3019, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. (xccdf_gov.nist_rule_InitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:273, oval:gov.nist.USGCB.ie7:tst:3343, oval:gov.nist.USGCB.ie7:obj:33, oval:gov.nist.USGCB.ie7:ste:2987, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. (xccdf_gov.nist_rule_InitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31028, oval:gov.nist.USGCB.ie8:tst:31028, oval:gov.nist.USGCB.ie8:obj:31028, oval:gov.nist.USGCB.ie8:ste:31028, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. (xccdf_gov.nist_rule_InitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31066, oval:gov.nist.USGCB.ie8:tst:31066, oval:gov.nist.USGCB.ie8:obj:31066, oval:gov.nist.USGCB.ie8:ste:31066, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)