8.3.29 Set 'Web sites in less privileged Web content zones can navigate into this zone' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether Web sites from less privileged zones can
navigate into this zone. The recommended state for this setting is- Enabled-Disable.

*Rationale*

If you enable this policy setting, Web sites from less privileged zones can open new
windows in, or navigate into, this zone. The security zone will run without the added layer
of security that is provided by the Protection from Zone Elevation security feature.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less
privileged Web content zones can navigate into this zone\Web sites in less privileged
Web content zones can navigate into this zone

Then set the Web sites in less privileged Web content zones can navigate into
this zone option to Disable.

Impact-If you enable this policy setting, Web sites from less privileged zones can open new
windows in, or navigate into, this zone. The security zone will run without the added layer
of security that is provided by the Protection from Zone Elevation security feature. If you
select Prompt in the drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you disable this policy setting, the possibly harmful
navigations are prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. If you do not configure this policy
setting, Web sites from less privileged zones can open new windows in, or navigate into,
this zone.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: ACCESS CONTROL

References: 800-53|AC-4

Plugin: Windows

Control ID: a0428ec653a9944df609dc9b157709b74693ec1b8f786bac7e6899129304775c