Check: DTBI697
Microsoft IE Version 7:
DTBI697
(in version v4 r20)
Title
Internet Explorer - Do not allow users to enable or disable add-ons. (Cat III impact)
Discussion
This check verifies that the system is configured to allow users to enable or disable add-ons through Add-On Manager in Internet Explorer.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Do Not Allow Users to enable or Disable Add-Ons” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: If the value NoExtensionManagement “does not” exist or the value is set to REG_DWORD = 0, this is not a finding. If the value NoExtensionManagement “does” exist and is set to REG_DWORD = 1 (decimal), this is a finding.
Fix Text
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Do Not Allow Users to enable or Disable Add-Ons” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: Remove the value NoExtensionManagement or set to REG_DWORD = 0 (decimal).
Additional Identifiers
Rule ID: SV-14856r1_rule
Vulnerability ID: V-14245
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |