Title

External branding feature of Internet Explorer must be disallowed . (Cat II impact)

Discussion

Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party. If you enable this policy, it prevents customization of the browser by another party, such as an Internet service provider or Internet content provider. If you disable this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet services. This policy is intended for administrators who want to maintain a consistent browser across an organization.

Check Content

The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable external branding of Internet Explorer" must be “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: If the value NoExternalBranding is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable external branding of Internet Explorer" to “Enabled”.

Additional Identifiers

Rule ID: SV-40692r1_rule

Vulnerability ID: V-15575

Group Title: DTBI695 - External branding of Internet Explorer

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.