Title

Internet Explorer is not configured to require consistent security zone settings to all users. (Cat II impact)

Discussion

This setting enforces consistent security zone settings to all users of the computer. Security zones control browser behavior at various web sites and it is desirable to maintain a consistent policy for all users of a machine.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Use only machine settings” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value Security_HKLM_only is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Use only machine settings” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: Set the value Security_HKLM_only to REG_DWORD = 1.

Additional Identifiers

Rule ID:

Vulnerability ID: V-3427

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.