8.11 Set 'Security Zones: Use only machine settings' to 'Enabled'

Information

*Description*

This policy setting affects how security zone changes apply to different users. If you enable
this policy setting, changes that one user makes to a security zone will apply to all users of
that computer. If this policy setting is disabled or not configured, users of the same
computer are allowed to establish their own security zone settings. The recommended
state for this setting is- Enabled.

*Rationale*

Users who change their Internet Explorer security settings could enable the execution of
dangerous types of code from the Internet and Web sites that were listed in the Restricted
Sites zone in the browser.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Security Zones- Use only machine settings

Impact-Users will not be able to configure security settings for Internet Explorer zones.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5

Plugin: Windows

Control ID: baabeecf32257ad4bdbc55044f673bb27e93846a50eb9b74d96420268a5f3c4b