UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users must be prevented from using the remote fetch feature to access files on the machine (32 bit).


Overview

Finding ID Version Rule ID IA Controls Severity
V-71323 DTOO602 SV-85947r2_rule Medium
Description
This setting will prevent users from going to onedrive.com to use the remote fetch feature to browse the file system of the machine (a feature supported on OneDrive running on Windows with the exception of Windows 8.1). This setting is for machines running 32-bit versions of Windows.
STIG Date
Microsoft OneDrive for Business 2016 Security Technical Implementation Guide 2020-03-23

Details

Check Text ( C-71721r7_chk )
Note: It is important to load the OneDrive ADMX/L templates under the DISA GPO Baseline Package under the ADMX Templates\OneDrive NextGen in order to view and set the settings appropriately. The DISA GPO Baseline Package can be downloaded from the DoD Cyber Exchange.

Verify the policy value for Computer Configuration -> Administrative Templates -> OneDrive -> "Prevent users from using the remote fetch feature to access files on the machine (32-bit)" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Microsoft\OneDrive\Remote Access

Criteria: If the value GPOEnabled is REG_DWORD = 1, this is not a finding.
Fix Text (F-77631r3_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> OneDrive -> "Prevent users from using the remote fetch feature to access files on the machine (32-bit)" to "Enabled".