Title

Internet Explorer - Do not allow users to enable or disable add-ons. (Cat III impact)

Discussion

This check verifies that the system is configured to allow users to enable or disable add-ons through Add-On Manager in Internet Explorer.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Do Not Allow Users to enable or Disable Add-Ons” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: If the value NoExtensionManagement “does not” exist or the value is set to REG_DWORD = 0, this is not a finding. If the value NoExtensionManagement “does” exist and is set to REG_DWORD = 1 (decimal), this is a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Do Not Allow Users to enable or Disable Add-Ons” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: Remove the value NoExtensionManagement or set to REG_DWORD = 0 (decimal).

Additional Identifiers

Rule ID:

Vulnerability ID: V-14245

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.