Title

Disable external branding of Internet Explorer is not enabled. (Cat II impact)

Discussion

Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party. If you enable this policy, it prevents customization of the browser by another party, such as an Internet service provider or Internet content provider. If you disable this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet services. This policy is intended for administrators who want to maintain a consistent browser across an organization.

Check Content

The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable external branding of Internet Explorer" will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: If the value NoExternalBranding is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable external branding of Internet Explorer" will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: Set the value NoExternalBranding to REG_DWORD = 1.

Additional Identifiers

Rule ID:

Vulnerability ID: V-15575

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.