Title

The user is allowed to launch Windows Messenger (MSN Messenger, .NET Messenger). (Cat II impact)

Discussion

This setting prevents the Windows Messenger client from being run. Instant Messaging clients must be in compliance of with the Instant Messaging STIG. Windows Messenger should not be active on Windows unless the instant messaging system is a Managed Enterprise Service for unclassified data for which the DAA has approved.

Check Content

If the following registry value doesn’t exist or its value is not set to 1, then this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Messenger\Client\ Value Name: PreventRun Type: REG_DWORD Value: 1 Documentable Explanation: If the site has a requirement for Windows Messaging and meets the conditions of the Instant Messaging STIG this needs to be documented with the IAO.

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Messenger “Do Not Allow Windows Messenger to be Run” to “Enabled”.

Additional Identifiers

Rule ID: SV-29239r1_rule

Vulnerability ID: V-3348

Group Title: Windows Messenger - Do Not Allow To Run

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.