1.49 Ensure 'AutoLaunch Protocols Component Enabled' is set to 'Disabled'

Information

This policy setting specifies whether the AutoLaunch Protocols Component is enabled or disabled. The component allows Microsoft to provide a list similar to that of the AutoLaunchProtocolsFromOrigins policy (Define a list of protocols that can launch an external application from listed origins without prompting the user), which allows certain external protocols to launch without a prompt, or blocks certain protocols, on specified origins.

The recommended state for this setting is: Disabled.

Rationale:

Allowing applications to AutoLaunch from websites in Microsoft Edge without prompting users could expose an organization to malicious sites that may capture proprietary information through the browser app.

Impact:

Disabling this setting will prompt users to allow or deny Microsoft Edge opening certain links in their associated application; no protocols can launch without a prompt.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Administrative Templates\Microsoft Edge\AutoLaunch Protocols Component Enable

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

Enabled. (The AutoLaunch Protocols component is enabled.)
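
Audit check (added example, not part of the benchmark text): the PowerShell function below reads the policy value and reports compliance, treating a missing value as non-compliant because the default is Enabled. The registry path and value name are assumptions taken from Microsoft's documented mapping for this Edge policy; they are not stated on this page, and the function name is hypothetical.

```powershell
# Added example: audit check for item 1.49.
# Assumption: the policy is stored as a DWORD named
# AutoLaunchProtocolsComponentEnabled under the Edge machine policy key.
function Test-AutoLaunchProtocolsComponent {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
        [string]$Name = 'AutoLaunchProtocolsComponentEnabled'
    )

    $value = $null
    # No key or no value means the policy is not configured, so Edge
    # falls back to the default (Enabled), which fails this control.
    $state = 'NotConfigured'

    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = $item.$Name
            # 0 = Disabled (recommended state); any other value = Enabled.
            $state = if ($value -eq 0) { 'Disabled' } else { 'Enabled' }
        }
    }

    [pscustomobject]@{
        Control   = '1.49'
        Policy    = $Name
        Value     = $value
        State     = $state
        Compliant = ($state -eq 'Disabled')
    }
}

# Run the check on the local machine and show the result.
Test-AutoLaunchProtocolsComponent | Format-List
```

A result of NotConfigured means the Group Policy setting has never been applied to the machine, which is a different remediation case from a policy explicitly set to Enabled.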

See Also

https://workbench.cisecurity.org/benchmarks/11865

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.2

Plugin: Windows

Control ID: 8f6dcc1dfe3339a10bd3ea546aa6f3cee375abefb12282347470e56fe5804099