UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Ability for users to enable or disable add-ons must be enforced.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14245 DTBI697 SV-40529r1_rule ECSC-1 Low
Description
Users often choose to install add-ons that are not permitted by an organization's security policy. Such add-ons can pose a significant security and privacy risk to your network. This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on. If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user.
STIG Date
Internet Explorer 9 Security Technical Implementation Guide 2014-03-21

Details

Check Text ( http://oval.mitre.org/XMLSchema/oval-definitions-5 )
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> “Do Not Allow Users to enable or Disable Add-Ons” must be “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions

Criteria: If the value NoExtensionManagement does not exist or the value is set to REG_DWORD = 0, this is not a finding.
Fix Text (F-34418r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> “Do Not Allow Users to enable or Disable Add-Ons” to “Disabled”.