8.1.6 Set 'Allow script-initiated windows without size or position constraints' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage restrictions on script-initiated pop-up windows
and windows that include the title and status bars. The recommended state for this setting
is Enabled: Disable.

*Rationale*

If you enable this policy setting, scripts will be able to launch and resize additional browser
windows without any limits on size or position. Attackers have used this feature in the past
to confuse users and cause them to click on links that led to undesirable consequences.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone\Allow script-initiated
windows without size or position constraints\Allow script-initiated windows without
size or position constraints

Then set the Allow script-initiated windows without size or position constraints
option to Disable.

Impact

If you enable this policy setting, Windows Restrictions security will not apply in this zone.
The security zone runs without the added layer of security provided by this feature. If you
disable this policy setting, the possible harmful actions contained in script-initiated pop-up
windows and windows that include the title and status bars cannot be run. This Internet
Explorer security feature will be on in this zone as dictated by the Scripted Windows
Security Restrictions feature control setting for the process. If you do not configure this
policy setting, the possible harmful actions contained in script-initiated pop-up windows
and windows that include the title and status bars cannot be run. This Internet Explorer
security feature will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CSCv6|3.1

Plugin: Windows

Control ID: 23d762c47c585988bccf488ed342abacbe9c53984207225d8fe7c50801071772