Check: DTBI305
Microsoft IE Version 7:
DTBI305
(in version v4 r20)
Title
Automatic configuration of Internet Explorer is not disabled. (Cat II impact)
Discussion
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator. If you enable this policy setting, the user will not be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Maintenance under Admin Templates using group policy editor. If you disable or do no configure this policy setting, the user will have the freedom to automatically configure these settings.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable changing Automatic Configuration settings" will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel Criteria: If the value Autoconfig is REG_DWORD = 1 (Hex), this is not a finding.
Fix Text
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable changing Automatic Configuration settings" will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel Criteria: Set the value Autoconfig to REG_DWORD = 1 (Hex).
Additional Identifiers
Rule ID: SV-16337r1_rule
Vulnerability ID: V-15490
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |