18.6.5.1 (L2) Ensure 'Enable Font Providers' is set to 'Disabled'

Information

This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provider.

The recommended state for this setting is: Disabled

In an enterprise managed environment the IT department should be managing the changes to the system configuration, to ensure all changes are tested and approved.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Administrative Templates\Network\Fonts\Enable Font Providers

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template GroupPolicy.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).

Impact:

Windows will not connect to an online font provider and will only enumerate locally-installed fonts.

See Also

https://workbench.cisecurity.org/benchmarks/16912