2.11.8.7.2.1.1 Ensure 'Set default file block behavior' is set to 'Enabled: Blocked files are not opened'

Information

This policy setting determines if users can open, view, or edit Word files that are by default blocked by Microsoft Office.

The recommended state for this setting is: Enabled: Blocked files are not opened.

Rationale:

By default, users can open, view, or edit a large number of file types in Word. Some file types are safer than others, as some could allow malicious code to execute on a user's computer or the network.

Impact:

Enabling this setting prevents users from opening, viewing, or editing certain types of files in Word. Productivity could be affected if users who require access to any of these file types cannot access them.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Blocked files are not opened.

User Configuration\Administrative Templates\Microsoft Word 2016\Word Options\Security\Trust Center\File Block Settings\Set Default File Block Behavior

Default Value:

Disabled. (The behavior is the same as the 'Blocked files are not opened' setting. Users will not be able to open blocked files.)

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2.

Plugin: Windows

Control ID: ad59cd11f54311fcf5769301817c77d2ce150975e6c96b72c71786580ef2988f