Allow Trusted Locations not on the computer

Allow Trusted Locations not on the computer - Word

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17321	DTOO308 - Word	SV-18361r1_rule	ECSC-1	Medium

Description
By default, files located in trusted locations and specified in the Trust Center are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with minimal security and without prompting the user for permission. By default, users can specify trusted locations on network shares or in other remote locations that are not under their direct control by selecting the Allow Trusted Locations on my network (not recommended) check box in the Trusted Locations section of the Trust Center. If a dangerous file is opened from a trusted location, it will not be subject to typical security measures and could affect users' computers or data.

Description

By default, files located in trusted locations and specified in the Trust Center are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with minimal security and without prompting the user for permission. By default, users can specify trusted locations on network shares or in other remote locations that are not under their direct control by selecting the Allow Trusted Locations on my network (not recommended) check box in the Trusted Locations section of the Trust Center. If a dangerous file is opened from a trusted location, it will not be subject to typical security measures and could affect users' computers or data.

STIG	Date
Microsoft Word 2007	2014-01-07

Details

Check Text ( C-17945r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations not on the computer” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations Criteria: If the value AllowNetworkLocations is REG_DWORD = 0, this is not a finding.

Check Text ( C-17945r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations not on the computer” will be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations

Criteria: If the value AllowNetworkLocations is REG_DWORD = 0, this is not a finding.

Fix Text (F-17213r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations not on the computer” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations Criteria: Set the value AllowNetworkLocations is REG_DWORD = 0.

Fix Text (F-17213r1_fix)

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations not on the computer” will be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations

Criteria: Set the value AllowNetworkLocations is REG_DWORD = 0.