Back

Configure the "Logon Options" setting in limited functionality environments.


CONTROL ID
04432
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines the logon settings. For Enterprise Client environments, the Logon Options setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to Enabled:Prompt For Username And Password in the Internet Zone and should be set to… (Pg 113, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Logon" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Poli… (CCE-3623-6, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Logon" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKC… (CCE-3696-2, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Logon options" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options (2) Registry Key: HKEY_LOCA… (CCE-10472-9, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Logon options" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options (2) Registr… (CCE-10651-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Logon options" current user setting should be configured correctly for the Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\… (CCE-16083-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Logon options" current user setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options HKEY_CURRENT_USER\So… (CCE-16196-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Logon options" machine setting should be configured correctly for the Intranet Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\… (CCE-15084-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Logon options" current user setting should be configured correctly for the Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\… (CCE-16379-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Set the Logon Options setting to Prompt For Username And Password in the Internet Zone and Anonymous Logon in the Restricted Sites Zone in a limited functionality environment (oval:gov.nist.fdcc.ie7:def:691, oval:gov.nist.fdcc.ie7:def:326, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Logon Options - Internet Zone - Local Computer (LogonOptions_InternetZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Logon Options - Restricted Sites Zone - Local Computer (LogonOptions_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. (xccdf_gov.nist_rule_LogonOptions_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:326, oval:gov.nist.USGCB.ie7:tst:3267, oval:gov.nist.USGCB.ie7:obj:175, oval:gov.nist.USGCB.ie7:ste:2959, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. (xccdf_gov.nist_rule_LogonOptions_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:691, oval:gov.nist.USGCB.ie7:tst:3775, oval:gov.nist.USGCB.ie7:obj:54, oval:gov.nist.USGCB.ie7:ste:2991, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. (xccdf_gov.nist_rule_LogonOptions_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31031, oval:gov.nist.USGCB.ie8:tst:31031, oval:gov.nist.USGCB.ie8:obj:31031, oval:gov.nist.USGCB.ie8:ste:31031, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. (xccdf_gov.nist_rule_LogonOptions_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31069, oval:gov.nist.USGCB.ie8:tst:31069, oval:gov.nist.USGCB.ie8:obj:31069, oval:gov.nist.USGCB.ie8:ste:31069, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)