Enable Modal Trust Decision Only

Enable Modal Trust Decision Only - Access

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17757	DTOO135 - Access	SV-18952r1_rule		Medium

Description
By default, when users open an untrusted Access 2007 database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message Bar with a warning that database content has been disabled. Users can inspect the contents of the database, but cannot use any disabled functionality until they enable it by clicking Options on the Message Bar and selecting the appropriate action. The default configuration can be changed so that users see a dialog box when they open an untrusted database with executable components. Users must then choose whether to enable or disable the components before working with the database. In these circumstances users frequently enable the components, even if they do not require them. Executable components can be used to launch an attack against a computer environment.

Description

By default, when users open an untrusted Access 2007 database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message Bar with a warning that database content has been disabled. Users can inspect the contents of the database, but cannot use any disabled functionality until they enable it by clicking Options on the Message Bar and selecting the appropriate action. The default configuration can be changed so that users see a dialog box when they open an untrusted database with executable components. Users must then choose whether to enable or disable the components before working with the database. In these circumstances users frequently enable the components, even if they do not require them. Executable components can be used to launch an attack against a computer environment.

STIG	Date
Microsoft Access 2007	2016-06-30

Details

Check Text ( C-19019r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Access 2007 -> Tools \ Security “Modal Trust Decision Only” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Access\Security Criteria: If the value ModalTrustDecisionOnly is REG_DWORD = 0, this is not a finding.

Check Text ( C-19019r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Access 2007 -> Tools \ Security “Modal Trust Decision Only” will be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Access\Security

Criteria: If the value ModalTrustDecisionOnly is REG_DWORD = 0, this is not a finding.

Fix Text (F-17656r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Access 2007 -> Tools \ Security “Modal Trust Decision Only” will be set to “Disabled”.