Title

The Opt-In Wizard must be disabled. (Cat II impact)

Discussion

The Opt-in Wizard displays the first time users run a 2013 Microsoft Office application, which allows them to opt into Internet-based services that will help improve their Office experience, such as Microsoft Update, the Customer Experience Improvement Program, Office Diagnostics, and Online Help. If an organization has policies that govern the use of such external resources, allowing users to opt in to these services might cause them to violate the policies.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center "Disable Opt-in Wizard on first run" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\general If the value “ShownFirstRunOptin” is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center "Disable Opt-in Wizard on first run" to "Enabled".

Additional Identifiers

Rule ID: SV-52720r5_rule

Vulnerability ID: V-17664

Group Title: DTOO183 - Opt-In Wizard on first run use

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.